diff --git a/.github/workflows/extension-tests.yml b/.github/workflows/extension-tests.yml
index bb251817d1..43ebfa5320 100644
--- a/.github/workflows/extension-tests.yml
+++ b/.github/workflows/extension-tests.yml
@@ -28,7 +28,7 @@ jobs:
           - { name: "rv32im", path: "rv32im" }
           - { name: "native", path: "native" }
           - { name: "keccak256", path: "keccak256" }
-          - { name: "sha256", path: "sha256" }
+          - { name: "sha2", path: "sha2" }
           - { name: "bigint", path: "bigint" }
           - { name: "algebra", path: "algebra" }
           - { name: "ecc", path: "ecc" }
diff --git a/.github/workflows/primitives.yml b/.github/workflows/primitives.yml
index 714230b8cd..d020aa0d2b 100644
--- a/.github/workflows/primitives.yml
+++ b/.github/workflows/primitives.yml
@@ -8,7 +8,7 @@ on:
     paths:
       - "crates/circuits/primitives/**"
       - "crates/circuits/poseidon2-air/**"
-      - "crates/circuits/sha256-air/**"
+      - "crates/circuits/sha2-air/**"
       - "crates/circuits/mod-builder/**"
       - "Cargo.toml"
       - ".github/workflows/primitives.yml"
@@ -47,8 +47,8 @@ jobs:
         run: |
           cargo nextest run --cargo-profile fast --features parallel
 
-      - name: Run tests for sha256-air
-        working-directory: crates/circuits/sha256-air
+      - name: Run tests for sha2-air
+        working-directory: crates/circuits/sha2-air
         run: |
           cargo nextest run --cargo-profile fast --features parallel
 
diff --git a/Cargo.lock b/Cargo.lock
deleted file mode 100644
index 0de21f22b6..0000000000
--- a/Cargo.lock
+++ /dev/null
@@ -1,6830 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 3
-
-[[package]]
-name = "addchain"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b2e69442aa5628ea6951fa33e24efe8313f4321a91bd729fc2f75bdfc858570"
-dependencies = [
- "num-bigint 0.3.3",
- "num-integer",
- "num-traits",
-]
-
-[[package]]
-name = "addr2line"
-version = "0.24.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1"
-dependencies = [
- "gimli",
-]
-
-[[package]]
-name = "adler2"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
-
-[[package]]
-name = "ahash"
-version = "0.8.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
-dependencies = [
- "cfg-if",
- "once_cell",
- "version_check",
- "zerocopy",
-]
-
-[[package]]
-name = "aho-corasick"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
-dependencies = [
- "memchr",
-]
-
-[[package]]
-name = "allocator-api2"
-version = "0.2.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
-
-[[package]]
-name = "alloy-eip2930"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0069cf0642457f87a01a014f6dc29d5d893cd4fd8fddf0c3cdfad1bb3ebafc41"
-dependencies = [
- "alloy-primitives",
- "alloy-rlp",
- "serde",
-]
-
-[[package]]
-name = "alloy-eip7702"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c986539255fb839d1533c128e190e557e52ff652c9ef62939e233a81dd93f7e"
-dependencies = [
- "alloy-primitives",
- "alloy-rlp",
- "derive_more 1.0.0",
- "k256",
- "serde",
-]
-
-[[package]]
-name = "alloy-primitives"
-version = "0.8.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "478bedf4d24e71ea48428d1bc278553bd7c6ae07c30ca063beb0b09fe58a9e74"
-dependencies = [
- "alloy-rlp",
- "bytes",
- "cfg-if",
- "const-hex",
- "derive_more 1.0.0",
- "foldhash",
- "hashbrown 0.15.2",
- "indexmap 2.7.1",
- "itoa",
- "k256",
- "keccak-asm",
- "paste",
- "proptest",
- "rand",
- "ruint",
- "rustc-hash 2.1.1",
- "serde",
- "sha3",
- "tiny-keccak",
-]
-
-[[package]]
-name = "alloy-rlp"
-version = "0.3.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6c1d995bff8d011f7cd6c81820d51825e6e06d6db73914c1630ecf544d83d6"
-dependencies = [
- "alloy-rlp-derive",
- "arrayvec",
- "bytes",
-]
-
-[[package]]
-name = "alloy-rlp-derive"
-version = "0.3.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a40e1ef334153322fd878d07e86af7a529bcb86b2439525920a88eba87bcf943"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "android-tzdata"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
-
-[[package]]
-name = "android_system_properties"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "anes"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
-
-[[package]]
-name = "ansi_term"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
-dependencies = [
- "winapi",
-]
-
-[[package]]
-name = "anstream"
-version = "0.6.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
-dependencies = [
- "anstyle",
- "anstyle-parse",
- "anstyle-query",
- "anstyle-wincon",
- "colorchoice",
- "is_terminal_polyfill",
- "utf8parse",
-]
-
-[[package]]
-name = "anstyle"
-version = "1.0.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
-
-[[package]]
-name = "anstyle-parse"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9"
-dependencies = [
- "utf8parse",
-]
-
-[[package]]
-name = "anstyle-query"
-version = "1.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c"
-dependencies = [
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "anstyle-wincon"
-version = "3.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e"
-dependencies = [
- "anstyle",
- "once_cell",
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "anyhow"
-version = "1.0.96"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b964d184e89d9b6b67dd2715bc8e74cf3107fb2b529990c90cf517326150bf4"
-
-[[package]]
-name = "ark-ff"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b3235cc41ee7a12aaaf2c575a2ad7b46713a8a50bda2fc3b003a04845c05dd6"
-dependencies = [
- "ark-ff-asm 0.3.0",
- "ark-ff-macros 0.3.0",
- "ark-serialize 0.3.0",
- "ark-std 0.3.0",
- "derivative",
- "num-bigint 0.4.6",
- "num-traits",
- "paste",
- "rustc_version 0.3.3",
- "zeroize",
-]
-
-[[package]]
-name = "ark-ff"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba"
-dependencies = [
- "ark-ff-asm 0.4.2",
- "ark-ff-macros 0.4.2",
- "ark-serialize 0.4.2",
- "ark-std 0.4.0",
- "derivative",
- "digest 0.10.7",
- "itertools 0.10.5",
- "num-bigint 0.4.6",
- "num-traits",
- "paste",
- "rustc_version 0.4.1",
- "zeroize",
-]
-
-[[package]]
-name = "ark-ff-asm"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db02d390bf6643fb404d3d22d31aee1c4bc4459600aef9113833d17e786c6e44"
-dependencies = [
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "ark-ff-asm"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348"
-dependencies = [
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "ark-ff-macros"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db2fd794a08ccb318058009eefdf15bcaaaaf6f8161eb3345f907222bac38b20"
-dependencies = [
- "num-bigint 0.4.6",
- "num-traits",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "ark-ff-macros"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565"
-dependencies = [
- "num-bigint 0.4.6",
- "num-traits",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "ark-serialize"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d6c2b318ee6e10f8c2853e73a83adc0ccb88995aa978d8a3408d492ab2ee671"
-dependencies = [
- "ark-std 0.3.0",
- "digest 0.9.0",
-]
-
-[[package]]
-name = "ark-serialize"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5"
-dependencies = [
- "ark-std 0.4.0",
- "digest 0.10.7",
- "num-bigint 0.4.6",
-]
-
-[[package]]
-name = "ark-std"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1df2c09229cbc5a028b1d70e00fdb2acee28b1055dfb5ca73eea49c5a25c4e7c"
-dependencies = [
- "num-traits",
- "rand",
-]
-
-[[package]]
-name = "ark-std"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185"
-dependencies = [
- "num-traits",
- "rand",
-]
-
-[[package]]
-name = "arrayref"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb"
-
-[[package]]
-name = "arrayvec"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
-
-[[package]]
-name = "async-trait"
-version = "0.1.86"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "644dd749086bf3771a2fbc5f256fdb982d53f011c7d5d560304eafeecebce79d"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "aurora-engine-modexp"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "518bc5745a6264b5fd7b09dffb9667e400ee9e2bbe18555fac75e1fe9afa0df9"
-dependencies = [
- "hex",
- "num",
-]
-
-[[package]]
-name = "auto_impl"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e12882f59de5360c748c4cbf569a042d5fb0eb515f7bea9c1f470b47f6ffbd73"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "autocfg"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
-
-[[package]]
-name = "aws-config"
-version = "1.5.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90aff65e86db5fe300752551c1b015ef72b708ac54bded8ef43d0d53cb7cb0b1"
-dependencies = [
- "aws-credential-types",
- "aws-runtime",
- "aws-sdk-sso",
- "aws-sdk-ssooidc",
- "aws-sdk-sts",
- "aws-smithy-async",
- "aws-smithy-http 0.61.1",
- "aws-smithy-json",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-types",
- "bytes",
- "fastrand",
- "hex",
- "http 0.2.12",
- "ring",
- "time",
- "tokio",
- "tracing",
- "url",
- "zeroize",
-]
-
-[[package]]
-name = "aws-credential-types"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60e8f6b615cb5fc60a98132268508ad104310f0cfb25a1c22eee76efdf9154da"
-dependencies = [
- "aws-smithy-async",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "zeroize",
-]
-
-[[package]]
-name = "aws-runtime"
-version = "1.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76dd04d39cc12844c0994f2c9c5a6f5184c22e9188ec1ff723de41910a21dcad"
-dependencies = [
- "aws-credential-types",
- "aws-sigv4",
- "aws-smithy-async",
- "aws-smithy-eventstream",
- "aws-smithy-http 0.60.12",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-types",
- "bytes",
- "fastrand",
- "http 0.2.12",
- "http-body 0.4.6",
- "once_cell",
- "percent-encoding",
- "pin-project-lite",
- "tracing",
- "uuid",
-]
-
-[[package]]
-name = "aws-sdk-s3"
-version = "1.78.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3038614b6cf7dd68d9a7b5b39563d04337eb3678d1d4173e356e927b0356158a"
-dependencies = [
- "aws-credential-types",
- "aws-runtime",
- "aws-sigv4",
- "aws-smithy-async",
- "aws-smithy-checksums",
- "aws-smithy-eventstream",
- "aws-smithy-http 0.61.1",
- "aws-smithy-json",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-smithy-xml",
- "aws-types",
- "bytes",
- "fastrand",
- "hex",
- "hmac",
- "http 0.2.12",
- "http-body 0.4.6",
- "lru",
- "once_cell",
- "percent-encoding",
- "regex-lite",
- "sha2",
- "tracing",
- "url",
-]
-
-[[package]]
-name = "aws-sdk-sso"
-version = "1.61.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e65ff295979977039a25f5a0bf067a64bc5e6aa38f3cef4037cf42516265553c"
-dependencies = [
- "aws-credential-types",
- "aws-runtime",
- "aws-smithy-async",
- "aws-smithy-http 0.61.1",
- "aws-smithy-json",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-types",
- "bytes",
- "http 0.2.12",
- "once_cell",
- "regex-lite",
- "tracing",
-]
-
-[[package]]
-name = "aws-sdk-ssooidc"
-version = "1.62.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91430a60f754f235688387b75ee798ef00cfd09709a582be2b7525ebb5306d4f"
-dependencies = [
- "aws-credential-types",
- "aws-runtime",
- "aws-smithy-async",
- "aws-smithy-http 0.61.1",
- "aws-smithy-json",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-types",
- "bytes",
- "http 0.2.12",
- "once_cell",
- "regex-lite",
- "tracing",
-]
-
-[[package]]
-name = "aws-sdk-sts"
-version = "1.62.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9276e139d39fff5a0b0c984fc2d30f970f9a202da67234f948fda02e5bea1dbe"
-dependencies = [
- "aws-credential-types",
- "aws-runtime",
- "aws-smithy-async",
- "aws-smithy-http 0.61.1",
- "aws-smithy-json",
- "aws-smithy-query",
- "aws-smithy-runtime",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "aws-smithy-xml",
- "aws-types",
- "http 0.2.12",
- "once_cell",
- "regex-lite",
- "tracing",
-]
-
-[[package]]
-name = "aws-sigv4"
-version = "1.2.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9bfe75fad52793ce6dec0dc3d4b1f388f038b5eb866c8d4d7f3a8e21b5ea5051"
-dependencies = [
- "aws-credential-types",
- "aws-smithy-eventstream",
- "aws-smithy-http 0.60.12",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "bytes",
- "crypto-bigint 0.5.5",
- "form_urlencoded",
- "hex",
- "hmac",
- "http 0.2.12",
- "http 1.2.0",
- "once_cell",
- "p256 0.11.1",
- "percent-encoding",
- "ring",
- "sha2",
- "subtle",
- "time",
- "tracing",
- "zeroize",
-]
-
-[[package]]
-name = "aws-smithy-async"
-version = "1.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa59d1327d8b5053c54bf2eaae63bf629ba9e904434d0835a28ed3c0ed0a614e"
-dependencies = [
- "futures-util",
- "pin-project-lite",
- "tokio",
-]
-
-[[package]]
-name = "aws-smithy-checksums"
-version = "0.63.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db2dc8d842d872529355c72632de49ef8c5a2949a4472f10e802f28cf925770c"
-dependencies = [
- "aws-smithy-http 0.60.12",
- "aws-smithy-types",
- "bytes",
- "crc32c",
- "crc32fast",
- "crc64fast-nvme",
- "hex",
- "http 0.2.12",
- "http-body 0.4.6",
- "md-5",
- "pin-project-lite",
- "sha1",
- "sha2",
- "tracing",
-]
-
-[[package]]
-name = "aws-smithy-eventstream"
-version = "0.60.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "461e5e02f9864cba17cff30f007c2e37ade94d01e87cdb5204e44a84e6d38c17"
-dependencies = [
- "aws-smithy-types",
- "bytes",
- "crc32fast",
-]
-
-[[package]]
-name = "aws-smithy-http"
-version = "0.60.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7809c27ad8da6a6a68c454e651d4962479e81472aa19ae99e59f9aba1f9713cc"
-dependencies = [
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "bytes",
- "bytes-utils",
- "futures-core",
- "http 0.2.12",
- "http-body 0.4.6",
- "once_cell",
- "percent-encoding",
- "pin-project-lite",
- "pin-utils",
- "tracing",
-]
-
-[[package]]
-name = "aws-smithy-http"
-version = "0.61.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6f276f21c7921fe902826618d1423ae5bf74cf8c1b8472aee8434f3dfd31824"
-dependencies = [
- "aws-smithy-eventstream",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "bytes",
- "bytes-utils",
- "futures-core",
- "http 0.2.12",
- "http-body 0.4.6",
- "once_cell",
- "percent-encoding",
- "pin-project-lite",
- "pin-utils",
- "tracing",
-]
-
-[[package]]
-name = "aws-smithy-json"
-version = "0.61.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "623a51127f24c30776c8b374295f2df78d92517386f77ba30773f15a30ce1422"
-dependencies = [
- "aws-smithy-types",
-]
-
-[[package]]
-name = "aws-smithy-query"
-version = "0.60.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb"
-dependencies = [
- "aws-smithy-types",
- "urlencoding",
-]
-
-[[package]]
-name = "aws-smithy-runtime"
-version = "1.7.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d526a12d9ed61fadefda24abe2e682892ba288c2018bcb38b1b4c111d13f6d92"
-dependencies = [
- "aws-smithy-async",
- "aws-smithy-http 0.60.12",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "bytes",
- "fastrand",
- "h2",
- "http 0.2.12",
- "http-body 0.4.6",
- "http-body 1.0.1",
- "httparse",
- "hyper",
- "hyper-rustls",
- "once_cell",
- "pin-project-lite",
- "pin-utils",
- "rustls",
- "tokio",
- "tracing",
-]
-
-[[package]]
-name = "aws-smithy-runtime-api"
-version = "1.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92165296a47a812b267b4f41032ff8069ab7ff783696d217f0994a0d7ab585cd"
-dependencies = [
- "aws-smithy-async",
- "aws-smithy-types",
- "bytes",
- "http 0.2.12",
- "http 1.2.0",
- "pin-project-lite",
- "tokio",
- "tracing",
- "zeroize",
-]
-
-[[package]]
-name = "aws-smithy-types"
-version = "1.2.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7b8a53819e42f10d0821f56da995e1470b199686a1809168db6ca485665f042"
-dependencies = [
- "base64-simd",
- "bytes",
- "bytes-utils",
- "futures-core",
- "http 0.2.12",
- "http 1.2.0",
- "http-body 0.4.6",
- "http-body 1.0.1",
- "http-body-util",
- "itoa",
- "num-integer",
- "pin-project-lite",
- "pin-utils",
- "ryu",
- "serde",
- "time",
- "tokio",
- "tokio-util",
-]
-
-[[package]]
-name = "aws-smithy-xml"
-version = "0.60.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab0b0166827aa700d3dc519f72f8b3a91c35d0b8d042dc5d643a91e6f80648fc"
-dependencies = [
- "xmlparser",
-]
-
-[[package]]
-name = "aws-types"
-version = "1.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dfbd0a668309ec1f66c0f6bda4840dd6d4796ae26d699ebc266d7cc95c6d040f"
-dependencies = [
- "aws-credential-types",
- "aws-smithy-async",
- "aws-smithy-runtime-api",
- "aws-smithy-types",
- "rustc_version 0.4.1",
- "tracing",
-]
-
-[[package]]
-name = "backtrace"
-version = "0.3.74"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
-dependencies = [
- "addr2line",
- "cfg-if",
- "libc",
- "miniz_oxide",
- "object",
- "rustc-demangle",
- "serde",
- "windows-targets",
-]
-
-[[package]]
-name = "base16ct"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce"
-
-[[package]]
-name = "base16ct"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
-
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
-[[package]]
-name = "base64"
-version = "0.21.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
-
-[[package]]
-name = "base64"
-version = "0.22.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
-
-[[package]]
-name = "base64-simd"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195"
-dependencies = [
- "outref",
- "vsimd",
-]
-
-[[package]]
-name = "base64ct"
-version = "1.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
-
-[[package]]
-name = "bincode"
-version = "1.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "bit-set"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1"
-dependencies = [
- "bit-vec",
-]
-
-[[package]]
-name = "bit-vec"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
-
-[[package]]
-name = "bitcode"
-version = "0.6.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18c1406a27371b2f76232a2259df6ab607b91b5a0a7476a7729ff590df5a969a"
-dependencies = [
- "arrayvec",
- "bitcode_derive",
- "bytemuck",
- "glam",
- "serde",
-]
-
-[[package]]
-name = "bitcode_derive"
-version = "0.6.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42b6b4cb608b8282dc3b53d0f4c9ab404655d562674c682db7e6c0458cc83c23"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "bitflags"
-version = "2.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"
-
-[[package]]
-name = "bitvec"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c"
-dependencies = [
- "funty",
- "radium",
- "tap",
- "wyz",
-]
-
-[[package]]
-name = "blake2"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
-dependencies = [
- "digest 0.10.7",
-]
-
-[[package]]
-name = "blake2b_simd"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06e903a20b159e944f91ec8499fe1e55651480c541ea0a584f5d967c49ad9d99"
-dependencies = [
- "arrayref",
- "arrayvec",
- "constant_time_eq",
-]
-
-[[package]]
-name = "blake3"
-version = "1.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1230237285e3e10cde447185e8975408ae24deaa67205ce684805c25bc0c7937"
-dependencies = [
- "arrayref",
- "arrayvec",
- "cc",
- "cfg-if",
- "constant_time_eq",
- "memmap2",
-]
-
-[[package]]
-name = "block-buffer"
-version = "0.10.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "bls12_381"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3c196a77437e7cc2fb515ce413a6401291578b5afc8ecb29a3c7ab957f05941"
-dependencies = [
- "ff 0.12.1",
- "group 0.12.1",
- "pairing 0.22.0",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "blst"
-version = "0.3.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47c79a94619fade3c0b887670333513a67ac28a6a7e653eb260bf0d4103db38d"
-dependencies = [
- "cc",
- "glob",
- "threadpool",
- "zeroize",
-]
-
-[[package]]
-name = "bon"
-version = "3.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe7acc34ff59877422326db7d6f2d845a582b16396b6b08194942bf34c6528ab"
-dependencies = [
- "bon-macros",
- "rustversion",
-]
-
-[[package]]
-name = "bon-macros"
-version = "3.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4159dd617a7fbc9be6a692fe69dc2954f8e6bb6bb5e4d7578467441390d77fd0"
-dependencies = [
- "darling",
- "ident_case",
- "prettyplease",
- "proc-macro2",
- "quote",
- "rustversion",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "bumpalo"
-version = "3.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
-
-[[package]]
-name = "byte-slice-cast"
-version = "1.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3ac9f8b63eca6fd385229b3675f6cc0dc5c8a5c8a54a59d4f52ffd670d87b0c"
-
-[[package]]
-name = "bytemuck"
-version = "1.21.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3"
-
-[[package]]
-name = "byteorder"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
-
-[[package]]
-name = "bytes"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f61dac84819c6588b558454b194026eb1f09c293b9036ae9b159e74e73ab6cf9"
-
-[[package]]
-name = "bytes-utils"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35"
-dependencies = [
- "bytes",
- "either",
-]
-
-[[package]]
-name = "c-kzg"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0307f72feab3300336fb803a57134159f6e20139af1357f36c54cb90d8e8928"
-dependencies = [
- "blst",
- "cc",
- "glob",
- "hex",
- "libc",
- "once_cell",
- "serde",
-]
-
-[[package]]
-name = "camino"
-version = "1.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b96ec4966b5813e2c0507c1f86115c8c5abaadc3980879c3424042a02fd1ad3"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "cargo-openvm"
-version = "1.0.0"
-dependencies = [
- "aws-config",
- "aws-sdk-s3",
- "clap",
- "eyre",
- "hex",
- "openvm-build",
- "openvm-native-recursion",
- "openvm-sdk",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "openvm-transpiler",
- "serde",
- "serde_json",
- "target-lexicon",
- "tempfile",
- "tokio",
- "toml",
- "tracing",
- "vergen",
-]
-
-[[package]]
-name = "cargo-platform"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "cargo_metadata"
-version = "0.18.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d886547e41f740c616ae73108f6eb70afe6d940c7bc697cb30f13daec073037"
-dependencies = [
- "camino",
- "cargo-platform",
- "semver 1.0.25",
- "serde",
- "serde_json",
- "thiserror 1.0.69",
-]
-
-[[package]]
-name = "cast"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
-
-[[package]]
-name = "cc"
-version = "1.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c3d1b2e905a3a7b00a6141adb0e4c0bb941d11caf55349d863942a1cc44e3c9"
-dependencies = [
- "jobserver",
- "libc",
- "shlex",
-]
-
-[[package]]
-name = "cfg-if"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-
-[[package]]
-name = "chrono"
-version = "0.4.39"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
-dependencies = [
- "android-tzdata",
- "iana-time-zone",
- "num-traits",
- "serde",
- "windows-targets",
-]
-
-[[package]]
-name = "ciborium"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e"
-dependencies = [
- "ciborium-io",
- "ciborium-ll",
- "serde",
-]
-
-[[package]]
-name = "ciborium-io"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757"
-
-[[package]]
-name = "ciborium-ll"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9"
-dependencies = [
- "ciborium-io",
- "half",
-]
-
-[[package]]
-name = "clap"
-version = "4.5.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92b7b18d71fad5313a1e320fa9897994228ce274b60faa4d694fe0ea89cd9e6d"
-dependencies = [
- "clap_builder",
- "clap_derive",
-]
-
-[[package]]
-name = "clap_builder"
-version = "4.5.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a35db2071778a7344791a4fb4f95308b5673d219dee3ae348b86642574ecc90c"
-dependencies = [
- "anstream",
- "anstyle",
- "clap_lex",
- "strsim",
-]
-
-[[package]]
-name = "clap_derive"
-version = "4.5.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed"
-dependencies = [
- "heck",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "clap_lex"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
-
-[[package]]
-name = "colorchoice"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
-
-[[package]]
-name = "const-default"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b396d1f76d455557e1218ec8066ae14bba60b4b36ecd55577ba979f5db7ecaa"
-
-[[package]]
-name = "const-hex"
-version = "1.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b0485bab839b018a8f1723fc5391819fea5f8f0f32288ef8a735fd096b6160c"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "hex",
- "proptest",
- "serde",
-]
-
-[[package]]
-name = "const-oid"
-version = "0.9.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
-
-[[package]]
-name = "const_format"
-version = "0.2.34"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "126f97965c8ad46d6d9163268ff28432e8f6a1196a55578867832e3049df63dd"
-dependencies = [
- "const_format_proc_macros",
-]
-
-[[package]]
-name = "const_format_proc_macros"
-version = "0.2.34"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-xid",
-]
-
-[[package]]
-name = "constant_time_eq"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
-
-[[package]]
-name = "convert_case"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
-
-[[package]]
-name = "core-foundation"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "core-foundation-sys"
-version = "0.8.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
-
-[[package]]
-name = "cpufeatures"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "crc"
-version = "3.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636"
-dependencies = [
- "crc-catalog",
-]
-
-[[package]]
-name = "crc-catalog"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5"
-
-[[package]]
-name = "crc32c"
-version = "0.6.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a47af21622d091a8f0fb295b88bc886ac74efcc613efc19f5d0b21de5c89e47"
-dependencies = [
- "rustc_version 0.4.1",
-]
-
-[[package]]
-name = "crc32fast"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
-dependencies = [
- "cfg-if",
-]
-
-[[package]]
-name = "crc64fast-nvme"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4955638f00a809894c947f85a024020a20815b65a5eea633798ea7924edab2b3"
-dependencies = [
- "crc",
-]
-
-[[package]]
-name = "criterion"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f"
-dependencies = [
- "anes",
- "cast",
- "ciborium",
- "clap",
- "criterion-plot",
- "is-terminal",
- "itertools 0.10.5",
- "num-traits",
- "once_cell",
- "oorandom",
- "plotters",
- "rayon",
- "regex",
- "serde",
- "serde_derive",
- "serde_json",
- "tinytemplate",
- "walkdir",
-]
-
-[[package]]
-name = "criterion-plot"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1"
-dependencies = [
- "cast",
- "itertools 0.10.5",
-]
-
-[[package]]
-name = "critical-section"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b"
-
-[[package]]
-name = "crossbeam"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8"
-dependencies = [
- "crossbeam-channel",
- "crossbeam-deque",
- "crossbeam-epoch",
- "crossbeam-queue",
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-channel"
-version = "0.5.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-deque"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51"
-dependencies = [
- "crossbeam-epoch",
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-epoch"
-version = "0.9.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-queue"
-version = "0.3.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-utils"
-version = "0.8.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
-
-[[package]]
-name = "crunchy"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43da5946c66ffcc7745f48db692ffbb10a83bfe0afd96235c5c2a4fb23994929"
-
-[[package]]
-name = "crypto-bigint"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
-dependencies = [
- "generic-array",
- "rand_core",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "crypto-bigint"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
-dependencies = [
- "generic-array",
- "rand_core",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "crypto-common"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
-dependencies = [
- "generic-array",
- "typenum",
-]
-
-[[package]]
-name = "darling"
-version = "0.20.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989"
-dependencies = [
- "darling_core",
- "darling_macro",
-]
-
-[[package]]
-name = "darling_core"
-version = "0.20.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5"
-dependencies = [
- "fnv",
- "ident_case",
- "proc-macro2",
- "quote",
- "strsim",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "darling_macro"
-version = "0.20.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
-dependencies = [
- "darling_core",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "der"
-version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
-dependencies = [
- "const-oid",
- "zeroize",
-]
-
-[[package]]
-name = "der"
-version = "0.7.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
-dependencies = [
- "const-oid",
- "zeroize",
-]
-
-[[package]]
-name = "deranged"
-version = "0.3.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
-dependencies = [
- "powerfmt",
- "serde",
-]
-
-[[package]]
-name = "derivative"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "derive-new"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d150dea618e920167e5973d70ae6ece4385b7164e0d799fe7c122dd0a5d912ad"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "derive-new"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2cdc8d50f426189eef89dac62fabfa0abb27d5cc008f25bf4156a0203325becc"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "derive_more"
-version = "0.99.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3da29a38df43d6f156149c9b43ded5e018ddff2a855cf2cfd62e8cd7d079c69f"
-dependencies = [
- "convert_case",
- "proc-macro2",
- "quote",
- "rustc_version 0.4.1",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "derive_more"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05"
-dependencies = [
- "derive_more-impl",
-]
-
-[[package]]
-name = "derive_more-impl"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "unicode-xid",
-]
-
-[[package]]
-name = "digest"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "digest"
-version = "0.10.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
-dependencies = [
- "block-buffer",
- "const-oid",
- "crypto-common",
- "subtle",
-]
-
-[[package]]
-name = "displaydoc"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "downcast-rs"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2"
-
-[[package]]
-name = "dyn-clone"
-version = "1.0.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "feeef44e73baff3a26d371801df019877a9866a8c493d315ab00177843314f35"
-
-[[package]]
-name = "ecdsa"
-version = "0.14.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c"
-dependencies = [
- "der 0.6.1",
- "elliptic-curve 0.12.3",
- "rfc6979 0.3.1",
- "signature 1.6.4",
-]
-
-[[package]]
-name = "ecdsa"
-version = "0.16.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
-dependencies = [
- "der 0.7.9",
- "digest 0.10.7",
- "elliptic-curve 0.13.8",
- "rfc6979 0.4.0",
- "signature 2.2.0",
- "spki 0.7.3",
-]
-
-[[package]]
-name = "either"
-version = "1.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
-
-[[package]]
-name = "elf"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4445909572dbd556c457c849c4ca58623d84b27c8fff1e74b0b4227d8b90d17b"
-
-[[package]]
-name = "elliptic-curve"
-version = "0.12.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
-dependencies = [
- "base16ct 0.1.1",
- "crypto-bigint 0.4.9",
- "der 0.6.1",
- "digest 0.10.7",
- "ff 0.12.1",
- "generic-array",
- "group 0.12.1",
- "pkcs8 0.9.0",
- "rand_core",
- "sec1 0.3.0",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "elliptic-curve"
-version = "0.13.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
-dependencies = [
- "base16ct 0.2.0",
- "crypto-bigint 0.5.5",
- "digest 0.10.7",
- "ff 0.13.0",
- "generic-array",
- "group 0.13.0",
- "pkcs8 0.10.2",
- "rand_core",
- "sec1 0.7.3",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "embedded-alloc"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f2de9133f68db0d4627ad69db767726c99ff8585272716708227008d3f1bddd"
-dependencies = [
- "const-default",
- "critical-section",
- "linked_list_allocator",
- "rlsf",
-]
-
-[[package]]
-name = "endian-type"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c34f04666d835ff5d62e058c3995147c06f42fe86ff053337632bca83e42702d"
-
-[[package]]
-name = "enum_dispatch"
-version = "0.3.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa18ce2bc66555b3218614519ac839ddb759a7d6720732f979ef8d13be147ecd"
-dependencies = [
- "once_cell",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "enumn"
-version = "0.1.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f9ed6b3789237c8a0c1c505af1c7eb2c560df6186f01b098c3a1064ea532f38"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "env_filter"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0"
-dependencies = [
- "log",
-]
-
-[[package]]
-name = "env_logger"
-version = "0.11.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcaee3d8e3cfc3fd92428d477bc97fc29ec8716d180c0d74c643bb26166660e0"
-dependencies = [
- "anstream",
- "anstyle",
- "env_filter",
- "log",
-]
-
-[[package]]
-name = "equivalent"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
-
-[[package]]
-name = "errno"
-version = "0.3.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
-dependencies = [
- "libc",
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "ethbloom"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c22d4b5885b6aa2fe5e8b9329fb8d232bf739e434e6b87347c63bdd00c120f60"
-dependencies = [
- "crunchy",
- "fixed-hash",
- "tiny-keccak",
-]
-
-[[package]]
-name = "ethereum-types"
-version = "0.14.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02d215cbf040552efcbe99a38372fe80ab9d00268e20012b79fcd0f073edd8ee"
-dependencies = [
- "ethbloom",
- "fixed-hash",
- "primitive-types",
- "uint",
-]
-
-[[package]]
-name = "eyre"
-version = "0.6.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7cd915d99f24784cdc19fd37ef22b97e3ff0ae756c7e492e9fbfe897d61e2aec"
-dependencies = [
- "indenter",
- "once_cell",
-]
-
-[[package]]
-name = "fastrand"
-version = "2.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
-
-[[package]]
-name = "fastrlp"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "139834ddba373bbdd213dffe02c8d110508dcf1726c2be27e8d1f7d7e1856418"
-dependencies = [
- "arrayvec",
- "auto_impl",
- "bytes",
-]
-
-[[package]]
-name = "fastrlp"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce8dba4714ef14b8274c371879b175aa55b16b30f269663f19d576f380018dc4"
-dependencies = [
- "arrayvec",
- "auto_impl",
- "bytes",
-]
-
-[[package]]
-name = "ff"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
-dependencies = [
- "bitvec",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "ff"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449"
-dependencies = [
- "bitvec",
- "byteorder",
- "ff_derive",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "ff_derive"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9f54704be45ed286151c5e11531316eaef5b8f5af7d597b806fdb8af108d84a"
-dependencies = [
- "addchain",
- "cfg-if",
- "num-bigint 0.3.3",
- "num-integer",
- "num-traits",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "fixed-hash"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "835c052cb0c08c1acf6ffd71c022172e18723949c8282f2b9f27efbc51e64534"
-dependencies = [
- "byteorder",
- "rand",
- "rustc-hex",
- "static_assertions",
-]
-
-[[package]]
-name = "fnv"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
-
-[[package]]
-name = "foldhash"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f"
-
-[[package]]
-name = "form_urlencoded"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
-dependencies = [
- "percent-encoding",
-]
-
-[[package]]
-name = "funty"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c"
-
-[[package]]
-name = "futures-channel"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
-dependencies = [
- "futures-core",
-]
-
-[[package]]
-name = "futures-core"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
-
-[[package]]
-name = "futures-sink"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
-
-[[package]]
-name = "futures-task"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
-
-[[package]]
-name = "futures-util"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
-dependencies = [
- "futures-core",
- "futures-task",
- "pin-project-lite",
- "pin-utils",
-]
-
-[[package]]
-name = "gcd"
-version = "2.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d758ba1b47b00caf47f24925c0074ecb20d6dfcffe7f6d53395c0465674841a"
-
-[[package]]
-name = "generic-array"
-version = "0.14.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
-dependencies = [
- "typenum",
- "version_check",
- "zeroize",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.13.3+wasi-0.2.2",
- "windows-targets",
-]
-
-[[package]]
-name = "getset"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eded738faa0e88d3abc9d1a13cb11adc2073c400969eeb8793cf7132589959fc"
-dependencies = [
- "proc-macro-error2",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "gimli"
-version = "0.31.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
-
-[[package]]
-name = "git2"
-version = "0.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b903b73e45dc0c6c596f2d37eccece7c1c8bb6e4407b001096387c63d0d93724"
-dependencies = [
- "bitflags",
- "libc",
- "libgit2-sys",
- "log",
- "url",
-]
-
-[[package]]
-name = "glam"
-version = "0.30.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17fcdf9683c406c2fc4d124afd29c0d595e22210d633cbdb8695ba9935ab1dc6"
-
-[[package]]
-name = "glob"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
-
-[[package]]
-name = "group"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
-dependencies = [
- "ff 0.12.1",
- "memuse",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "group"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
-dependencies = [
- "ff 0.13.0",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "h2"
-version = "0.3.26"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
-dependencies = [
- "bytes",
- "fnv",
- "futures-core",
- "futures-sink",
- "futures-util",
- "http 0.2.12",
- "indexmap 2.7.1",
- "slab",
- "tokio",
- "tokio-util",
- "tracing",
-]
-
-[[package]]
-name = "half"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888"
-dependencies = [
- "cfg-if",
- "crunchy",
-]
-
-[[package]]
-name = "halo2"
-version = "0.1.0-beta.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a23c779b38253fe1538102da44ad5bd5378495a61d2c4ee18d64eaa61ae5995"
-dependencies = [
- "halo2_proofs",
-]
-
-[[package]]
-name = "halo2-axiom"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62f0ca78d12ac5c893f286d7cdfe3869290305ab8cac376e2592cdc8396da102"
-dependencies = [
- "blake2b_simd",
- "crossbeam",
- "ff 0.13.0",
- "group 0.13.0",
- "halo2curves-axiom",
- "itertools 0.11.0",
- "maybe-rayon",
- "pairing 0.23.0",
- "rand",
- "rand_core",
- "rayon",
- "rustc-hash 1.1.0",
- "sha3",
- "tracing",
-]
-
-[[package]]
-name = "halo2-base"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "678cf3adc0a39d7b4d9b82315a655201aa24a430dd1902b162c508047f56ac69"
-dependencies = [
- "getset",
- "halo2-axiom",
- "itertools 0.11.0",
- "log",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "poseidon-primitives",
- "rand_chacha",
- "rayon",
- "rustc-hash 1.1.0",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "halo2-ecc"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "645c00681fdd1febaf552d8814e9f5a6a142d81a1514102190da07039588b366"
-dependencies = [
- "halo2-base",
- "itertools 0.11.0",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "rand",
- "rand_chacha",
- "rand_core",
- "rayon",
- "serde",
- "serde_json",
- "test-case",
-]
-
-[[package]]
-name = "halo2_proofs"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e925780549adee8364c7f2b685c753f6f3df23bde520c67416e93bf615933760"
-dependencies = [
- "blake2b_simd",
- "ff 0.12.1",
- "group 0.12.1",
- "pasta_curves 0.4.1",
- "rand_core",
- "rayon",
-]
-
-[[package]]
-name = "halo2curves"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b756596082144af6e57105a20403b7b80fe9dccd085700b74fae3af523b74dba"
-dependencies = [
- "blake2",
- "digest 0.10.7",
- "ff 0.13.0",
- "group 0.13.0",
- "halo2derive",
- "hex",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "pairing 0.23.0",
- "paste",
- "rand",
- "rand_core",
- "rayon",
- "serde",
- "serde_arrays",
- "sha2",
- "static_assertions",
- "subtle",
- "unroll",
-]
-
-[[package]]
-name = "halo2curves-axiom"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd8309e4638b4f1bcf6613d72265a84074d26034c35edc5d605b5688e580b8b8"
-dependencies = [
- "blake2b_simd",
- "digest 0.10.7",
- "ff 0.13.0",
- "group 0.13.0",
- "hex",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-traits",
- "pairing 0.23.0",
- "pasta_curves 0.5.1",
- "paste",
- "rand",
- "rand_core",
- "rayon",
- "serde",
- "serde_arrays",
- "sha2",
- "static_assertions",
- "subtle",
- "unroll",
-]
-
-[[package]]
-name = "halo2derive"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bdb99e7492b4f5ff469d238db464131b86c2eaac814a78715acba369f64d2c76"
-dependencies = [
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "hashbrown"
-version = "0.12.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
-
-[[package]]
-name = "hashbrown"
-version = "0.14.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
-dependencies = [
- "ahash",
-]
-
-[[package]]
-name = "hashbrown"
-version = "0.15.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
-dependencies = [
- "allocator-api2",
- "equivalent",
- "foldhash",
-]
-
-[[package]]
-name = "heck"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
-
-[[package]]
-name = "hermit-abi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
-
-[[package]]
-name = "hermit-abi"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc"
-
-[[package]]
-name = "hex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "hex-literal"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46"
-
-[[package]]
-name = "hmac"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
-dependencies = [
- "digest 0.10.7",
-]
-
-[[package]]
-name = "http"
-version = "0.2.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1"
-dependencies = [
- "bytes",
- "fnv",
- "itoa",
-]
-
-[[package]]
-name = "http"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
-dependencies = [
- "bytes",
- "fnv",
- "itoa",
-]
-
-[[package]]
-name = "http-body"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2"
-dependencies = [
- "bytes",
- "http 0.2.12",
- "pin-project-lite",
-]
-
-[[package]]
-name = "http-body"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
-dependencies = [
- "bytes",
- "http 1.2.0",
-]
-
-[[package]]
-name = "http-body-util"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f"
-dependencies = [
- "bytes",
- "futures-util",
- "http 1.2.0",
- "http-body 1.0.1",
- "pin-project-lite",
-]
-
-[[package]]
-name = "httparse"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2d708df4e7140240a16cd6ab0ab65c972d7433ab77819ea693fde9c43811e2a"
-
-[[package]]
-name = "httpdate"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
-
-[[package]]
-name = "hyper"
-version = "0.14.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7"
-dependencies = [
- "bytes",
- "futures-channel",
- "futures-core",
- "futures-util",
- "h2",
- "http 0.2.12",
- "http-body 0.4.6",
- "httparse",
- "httpdate",
- "itoa",
- "pin-project-lite",
- "socket2",
- "tokio",
- "tower-service",
- "tracing",
- "want",
-]
-
-[[package]]
-name = "hyper-rustls"
-version = "0.24.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
-dependencies = [
- "futures-util",
- "http 0.2.12",
- "hyper",
- "log",
- "rustls",
- "rustls-native-certs",
- "tokio",
- "tokio-rustls",
-]
-
-[[package]]
-name = "iana-time-zone"
-version = "0.1.61"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
-dependencies = [
- "android_system_properties",
- "core-foundation-sys",
- "iana-time-zone-haiku",
- "js-sys",
- "wasm-bindgen",
- "windows-core",
-]
-
-[[package]]
-name = "iana-time-zone-haiku"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
-dependencies = [
- "cc",
-]
-
-[[package]]
-name = "icu_collections"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526"
-dependencies = [
- "displaydoc",
- "yoke",
- "zerofrom",
- "zerovec",
-]
-
-[[package]]
-name = "icu_locid"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637"
-dependencies = [
- "displaydoc",
- "litemap",
- "tinystr",
- "writeable",
- "zerovec",
-]
-
-[[package]]
-name = "icu_locid_transform"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e"
-dependencies = [
- "displaydoc",
- "icu_locid",
- "icu_locid_transform_data",
- "icu_provider",
- "tinystr",
- "zerovec",
-]
-
-[[package]]
-name = "icu_locid_transform_data"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e"
-
-[[package]]
-name = "icu_normalizer"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f"
-dependencies = [
- "displaydoc",
- "icu_collections",
- "icu_normalizer_data",
- "icu_properties",
- "icu_provider",
- "smallvec",
- "utf16_iter",
- "utf8_iter",
- "write16",
- "zerovec",
-]
-
-[[package]]
-name = "icu_normalizer_data"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516"
-
-[[package]]
-name = "icu_properties"
-version = "1.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5"
-dependencies = [
- "displaydoc",
- "icu_collections",
- "icu_locid_transform",
- "icu_properties_data",
- "icu_provider",
- "tinystr",
- "zerovec",
-]
-
-[[package]]
-name = "icu_properties_data"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569"
-
-[[package]]
-name = "icu_provider"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9"
-dependencies = [
- "displaydoc",
- "icu_locid",
- "icu_provider_macros",
- "stable_deref_trait",
- "tinystr",
- "writeable",
- "yoke",
- "zerofrom",
- "zerovec",
-]
-
-[[package]]
-name = "icu_provider_macros"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "ident_case"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
-
-[[package]]
-name = "idna"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
-dependencies = [
- "idna_adapter",
- "smallvec",
- "utf8_iter",
-]
-
-[[package]]
-name = "idna_adapter"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
-dependencies = [
- "icu_normalizer",
- "icu_properties",
-]
-
-[[package]]
-name = "impl-codec"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba6a270039626615617f3f36d15fc827041df3b78c439da2cadfa47455a77f2f"
-dependencies = [
- "parity-scale-codec",
-]
-
-[[package]]
-name = "impl-trait-for-tuples"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0eb5a3343abf848c0984fe4604b2b105da9539376e24fc0a3b0007411ae4fd9"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "indenter"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce23b50ad8242c51a442f3ff322d56b02f08852c77e4c0b4d3fd684abc89c683"
-
-[[package]]
-name = "indexmap"
-version = "1.9.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
-dependencies = [
- "autocfg",
- "hashbrown 0.12.3",
- "serde",
-]
-
-[[package]]
-name = "indexmap"
-version = "2.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652"
-dependencies = [
- "equivalent",
- "hashbrown 0.15.2",
- "serde",
-]
-
-[[package]]
-name = "is-terminal"
-version = "0.4.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e19b23d53f35ce9f56aebc7d1bb4e6ac1e9c0db7ac85c8d1760c04379edced37"
-dependencies = [
- "hermit-abi 0.4.0",
- "libc",
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "is_terminal_polyfill"
-version = "1.70.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
-
-[[package]]
-name = "itertools"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
-dependencies = [
- "either",
-]
-
-[[package]]
-name = "itertools"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57"
-dependencies = [
- "either",
-]
-
-[[package]]
-name = "itertools"
-version = "0.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285"
-dependencies = [
- "either",
-]
-
-[[package]]
-name = "itoa"
-version = "1.0.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
-
-[[package]]
-name = "jobserver"
-version = "0.1.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "js-sys"
-version = "0.3.77"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
-dependencies = [
- "once_cell",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "jubjub"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a575df5f985fe1cd5b2b05664ff6accfc46559032b954529fd225a2168d27b0f"
-dependencies = [
- "bitvec",
- "bls12_381",
- "ff 0.12.1",
- "group 0.12.1",
- "rand_core",
- "subtle",
-]
-
-[[package]]
-name = "k256"
-version = "0.13.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b"
-dependencies = [
- "cfg-if",
- "ecdsa 0.16.9",
- "elliptic-curve 0.13.8",
- "once_cell",
- "sha2",
-]
-
-[[package]]
-name = "keccak"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
-dependencies = [
- "cpufeatures",
-]
-
-[[package]]
-name = "keccak-asm"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "505d1856a39b200489082f90d897c3f07c455563880bc5952e38eabf731c83b6"
-dependencies = [
- "digest 0.10.7",
- "sha3-asm",
-]
-
-[[package]]
-name = "lazy_static"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
-dependencies = [
- "spin",
-]
-
-[[package]]
-name = "libc"
-version = "0.2.169"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
-
-[[package]]
-name = "libgit2-sys"
-version = "0.17.0+1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10472326a8a6477c3c20a64547b0059e4b0d086869eee31e6d7da728a8eb7224"
-dependencies = [
- "cc",
- "libc",
- "libz-sys",
- "pkg-config",
-]
-
-[[package]]
-name = "libm"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
-
-[[package]]
-name = "libmimalloc-sys"
-version = "0.1.39"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44"
-dependencies = [
- "cc",
- "libc",
-]
-
-[[package]]
-name = "libz-sys"
-version = "1.1.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df9b68e50e6e0b26f672573834882eb57759f6db9b3be2ea3c35c91188bb4eaa"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
- "vcpkg",
-]
-
-[[package]]
-name = "linked_list_allocator"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9afa463f5405ee81cdb9cc2baf37e08ec7e4c8209442b5d72c04cfb2cd6e6286"
-
-[[package]]
-name = "linux-raw-sys"
-version = "0.4.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
-
-[[package]]
-name = "litemap"
-version = "0.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104"
-
-[[package]]
-name = "lockfree-object-pool"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9374ef4228402d4b7e403e5838cb880d9ee663314b0a900d5a6aabf0c213552e"
-
-[[package]]
-name = "log"
-version = "0.4.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
-
-[[package]]
-name = "lru"
-version = "0.12.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38"
-dependencies = [
- "hashbrown 0.15.2",
-]
-
-[[package]]
-name = "matchers"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
-dependencies = [
- "regex-automata 0.1.10",
-]
-
-[[package]]
-name = "maybe-rayon"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ea1f30cedd69f0a2954655f7188c6a834246d2bcf1e315e2ac40c4b24dc9519"
-dependencies = [
- "cfg-if",
- "rayon",
-]
-
-[[package]]
-name = "md-5"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
-dependencies = [
- "cfg-if",
- "digest 0.10.7",
-]
-
-[[package]]
-name = "memchr"
-version = "2.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
-
-[[package]]
-name = "memmap2"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd3f7eed9d3848f8b98834af67102b720745c4ec028fcd0aa0239277e7de374f"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "memuse"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d97bbf43eb4f088f8ca469930cde17fa036207c9a5e02ccc5107c4e8b17c964"
-
-[[package]]
-name = "metrics"
-version = "0.23.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "884adb57038347dfbaf2d5065887b6cf4312330dc8e94bc30a1a839bd79d3261"
-dependencies = [
- "ahash",
- "portable-atomic",
-]
-
-[[package]]
-name = "metrics-tracing-context"
-version = "0.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62a6a1f7141f1d9bc7a886b87536bbfc97752e08b369e1e0453a9acfab5f5da4"
-dependencies = [
- "indexmap 2.7.1",
- "itoa",
- "lockfree-object-pool",
- "metrics",
- "metrics-util",
- "once_cell",
- "tracing",
- "tracing-core",
- "tracing-subscriber",
-]
-
-[[package]]
-name = "metrics-util"
-version = "0.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4259040465c955f9f2f1a4a8a16dc46726169bca0f88e8fb2dbeced487c3e828"
-dependencies = [
- "aho-corasick",
- "crossbeam-epoch",
- "crossbeam-utils",
- "hashbrown 0.14.5",
- "indexmap 2.7.1",
- "metrics",
- "num_cpus",
- "ordered-float",
- "quanta",
- "radix_trie",
- "sketches-ddsketch",
-]
-
-[[package]]
-name = "mimalloc"
-version = "0.1.43"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633"
-dependencies = [
- "libmimalloc-sys",
-]
-
-[[package]]
-name = "miniz_oxide"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3b1c9bd4fe1f0f8b387f6eb9eb3b4a1aa26185e5750efb9140301703f62cd1b"
-dependencies = [
- "adler2",
-]
-
-[[package]]
-name = "mio"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
-dependencies = [
- "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "nibble_vec"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77a5d83df9f36fe23f0c3648c6bbb8b0298bb5f1939c8f2704431371f4b84d43"
-dependencies = [
- "smallvec",
-]
-
-[[package]]
-name = "nu-ansi-term"
-version = "0.46.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
-dependencies = [
- "overload",
- "winapi",
-]
-
-[[package]]
-name = "num"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23"
-dependencies = [
- "num-bigint 0.4.6",
- "num-complex",
- "num-integer",
- "num-iter",
- "num-rational",
- "num-traits",
-]
-
-[[package]]
-name = "num-bigint"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3"
-dependencies = [
- "autocfg",
- "num-integer",
- "num-traits",
-]
-
-[[package]]
-name = "num-bigint"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
-dependencies = [
- "num-integer",
- "num-traits",
- "rand",
- "serde",
-]
-
-[[package]]
-name = "num-complex"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495"
-dependencies = [
- "num-traits",
-]
-
-[[package]]
-name = "num-conv"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
-
-[[package]]
-name = "num-format"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a652d9771a63711fd3c3deb670acfbe5c30a4072e664d7a3bf5a9e1056ac72c3"
-dependencies = [
- "arrayvec",
- "itoa",
-]
-
-[[package]]
-name = "num-integer"
-version = "0.1.46"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
-dependencies = [
- "num-traits",
-]
-
-[[package]]
-name = "num-iter"
-version = "0.1.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
-dependencies = [
- "autocfg",
- "num-integer",
- "num-traits",
-]
-
-[[package]]
-name = "num-rational"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824"
-dependencies = [
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
-]
-
-[[package]]
-name = "num-traits"
-version = "0.2.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
-dependencies = [
- "autocfg",
- "libm",
-]
-
-[[package]]
-name = "num_cpus"
-version = "1.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
-dependencies = [
- "hermit-abi 0.3.9",
- "libc",
-]
-
-[[package]]
-name = "num_threads"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "nums"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf3c74f925fb8cfc49a8022f2afce48a0683b70f9e439885594e84c5edbf5b01"
-dependencies = [
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "rand",
-]
-
-[[package]]
-name = "object"
-version = "0.36.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87"
-dependencies = [
- "memchr",
-]
-
-[[package]]
-name = "once_cell"
-version = "1.20.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
-
-[[package]]
-name = "oorandom"
-version = "11.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"
-
-[[package]]
-name = "openssl-probe"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
-
-[[package]]
-name = "openvm"
-version = "1.0.0"
-dependencies = [
- "bytemuck",
- "chrono",
- "num-bigint 0.4.6",
- "openvm-custom-insn",
- "openvm-platform",
- "openvm-rv32im-guest",
- "serde",
-]
-
-[[package]]
-name = "openvm-algebra-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "halo2curves-axiom",
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm-algebra-transpiler",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-mod-circuit-builder",
- "openvm-pairing-guest",
- "openvm-rv32-adapters",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde-big-array",
- "serde_with",
- "strum",
-]
-
-[[package]]
-name = "openvm-algebra-complex-macros"
-version = "0.1.0"
-dependencies = [
- "openvm-macros-common",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-algebra-guest"
-version = "1.0.0"
-dependencies = [
- "halo2curves-axiom",
- "num-bigint 0.4.6",
- "openvm-algebra-complex-macros",
- "openvm-algebra-moduli-macros",
- "serde-big-array",
- "strum_macros",
-]
-
-[[package]]
-name = "openvm-algebra-moduli-macros"
-version = "1.0.0"
-dependencies = [
- "openvm-macros-common",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-algebra-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "num-bigint 0.4.6",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-circuit",
- "openvm-ecc-circuit",
- "openvm-instructions",
- "openvm-rv32im-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
-]
-
-[[package]]
-name = "openvm-algebra-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-algebra-guest",
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-benchmarks"
-version = "1.0.0"
-dependencies = [
- "clap",
- "criterion",
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "eyre",
- "k256",
- "num-bigint 0.4.6",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-build",
- "openvm-circuit",
- "openvm-ecc-circuit",
- "openvm-ecc-transpiler",
- "openvm-keccak256-circuit",
- "openvm-keccak256-transpiler",
- "openvm-native-circuit",
- "openvm-native-compiler",
- "openvm-native-recursion",
- "openvm-pairing-circuit",
- "openvm-pairing-guest",
- "openvm-rv32im-circuit",
- "openvm-rv32im-transpiler",
- "openvm-sdk",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "openvm-transpiler",
- "rand_chacha",
- "serde",
- "tempfile",
- "tiny-keccak",
- "tokio",
- "tracing",
-]
-
-[[package]]
-name = "openvm-bigint-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "openvm-bigint-transpiler",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-rv32-adapters",
- "openvm-rv32im-circuit",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
-]
-
-[[package]]
-name = "openvm-bigint-guest"
-version = "1.0.0"
-dependencies = [
- "num-bigint 0.4.6",
- "num-traits",
- "openvm",
- "openvm-platform",
- "serde",
- "serde-big-array",
- "strum_macros",
-]
-
-[[package]]
-name = "openvm-bigint-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "openvm-bigint-circuit",
- "openvm-bigint-transpiler",
- "openvm-circuit",
- "openvm-instructions",
- "openvm-rv32im-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
-]
-
-[[package]]
-name = "openvm-bigint-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-bigint-guest",
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-build"
-version = "1.0.0"
-dependencies = [
- "cargo_metadata",
- "eyre",
- "openvm-platform",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "openvm-circuit"
-version = "1.0.0"
-dependencies = [
- "backtrace",
- "cfg-if",
- "derivative",
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "enum_dispatch",
- "eyre",
- "getset",
- "itertools 0.14.0",
- "metrics",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-native-circuit",
- "openvm-native-compiler",
- "openvm-poseidon2-air",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "p3-baby-bear",
- "rand",
- "rustc-hash 2.1.1",
- "serde",
- "serde-big-array",
- "static_assertions",
- "test-log",
- "thiserror 1.0.69",
- "tracing",
-]
-
-[[package]]
-name = "openvm-circuit-derive"
-version = "1.0.0"
-dependencies = [
- "itertools 0.14.0",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-circuit-primitives"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm-circuit-primitives-derive",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "test-case",
- "tracing",
-]
-
-[[package]]
-name = "openvm-circuit-primitives-derive"
-version = "1.0.0"
-dependencies = [
- "itertools 0.14.0",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-continuations"
-version = "1.0.0"
-dependencies = [
- "derivative",
- "openvm-circuit",
- "openvm-native-compiler",
- "openvm-native-recursion",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "serde",
- "static_assertions",
-]
-
-[[package]]
-name = "openvm-custom-insn"
-version = "0.1.0"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-ecc-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "eyre",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "once_cell",
- "openvm-algebra-circuit",
- "openvm-algebra-guest",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-ecc-guest",
- "openvm-ecc-transpiler",
- "openvm-instructions",
- "openvm-mod-circuit-builder",
- "openvm-rv32-adapters",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde_with",
- "strum",
-]
-
-[[package]]
-name = "openvm-ecc-guest"
-version = "1.0.0"
-dependencies = [
- "ecdsa 0.16.9",
- "elliptic-curve 0.13.8",
- "group 0.13.0",
- "halo2curves-axiom",
- "hex-literal",
- "k256",
- "lazy_static",
- "num-bigint 0.4.6",
- "once_cell",
- "openvm",
- "openvm-algebra-guest",
- "openvm-algebra-moduli-macros",
- "openvm-custom-insn",
- "openvm-ecc-sw-macros",
- "openvm-rv32im-guest",
- "p256 0.13.2",
- "serde",
- "strum_macros",
-]
-
-[[package]]
-name = "openvm-ecc-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "hex-literal",
- "num-bigint 0.4.6",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-circuit",
- "openvm-ecc-circuit",
- "openvm-ecc-guest",
- "openvm-ecc-transpiler",
- "openvm-keccak256-transpiler",
- "openvm-rv32im-transpiler",
- "openvm-sdk",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
-]
-
-[[package]]
-name = "openvm-ecc-sw-macros"
-version = "1.0.0"
-dependencies = [
- "openvm-macros-common",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-ecc-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-ecc-guest",
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-instructions"
-version = "1.0.0"
-dependencies = [
- "backtrace",
- "derive-new 0.6.0",
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm-instructions-derive",
- "openvm-stark-backend",
- "serde",
- "strum",
- "strum_macros",
-]
-
-[[package]]
-name = "openvm-instructions-derive"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "quote",
- "strum",
- "strum_macros",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-keccak256-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "hex",
- "itertools 0.14.0",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-keccak256-transpiler",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "p3-keccak-air",
- "rand",
- "serde",
- "serde-big-array",
- "strum",
- "tiny-keccak",
- "tracing",
-]
-
-[[package]]
-name = "openvm-keccak256-guest"
-version = "1.0.0"
-dependencies = [
- "openvm-platform",
- "tiny-keccak",
-]
-
-[[package]]
-name = "openvm-keccak256-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "openvm-circuit",
- "openvm-instructions",
- "openvm-keccak256-circuit",
- "openvm-keccak256-transpiler",
- "openvm-rv32im-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
-]
-
-[[package]]
-name = "openvm-keccak256-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-keccak256-guest",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-macros-common"
-version = "1.0.0"
-dependencies = [
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-mod-circuit-builder"
-version = "1.0.0"
-dependencies = [
- "halo2curves-axiom",
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm-circuit",
- "openvm-circuit-primitives",
- "openvm-instructions",
- "openvm-pairing-guest",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde_with",
- "tracing",
-]
-
-[[package]]
-name = "openvm-native-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "eyre",
- "itertools 0.14.0",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-native-compiler",
- "openvm-poseidon2-air",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde-big-array",
- "static_assertions",
- "strum",
- "tracing",
-]
-
-[[package]]
-name = "openvm-native-compiler"
-version = "1.0.0"
-dependencies = [
- "backtrace",
- "itertools 0.14.0",
- "metrics",
- "num-bigint 0.4.6",
- "num-integer",
- "openvm-circuit",
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-native-circuit",
- "openvm-native-compiler-derive",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "p3-symmetric",
- "rand",
- "serde",
- "snark-verifier-sdk",
- "strum",
- "strum_macros",
- "zkhash",
-]
-
-[[package]]
-name = "openvm-native-compiler-derive"
-version = "1.0.0"
-dependencies = [
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "openvm-native-recursion"
-version = "1.0.0"
-dependencies = [
- "bitcode",
- "cfg-if",
- "itertools 0.14.0",
- "lazy_static",
- "metrics",
- "once_cell",
- "openvm-circuit",
- "openvm-native-circuit",
- "openvm-native-compiler",
- "openvm-native-compiler-derive",
- "openvm-native-recursion",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "p3-dft",
- "p3-fri",
- "p3-merkle-tree",
- "p3-symmetric",
- "rand",
- "serde",
- "serde_json",
- "serde_with",
- "snark-verifier-sdk",
- "tempfile",
- "tracing",
-]
-
-[[package]]
-name = "openvm-native-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "openvm-transpiler",
- "p3-field",
-]
-
-[[package]]
-name = "openvm-pairing-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "eyre",
- "halo2curves-axiom",
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm-algebra-circuit",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-ecc-circuit",
- "openvm-ecc-guest",
- "openvm-instructions",
- "openvm-mod-circuit-builder",
- "openvm-pairing-guest",
- "openvm-pairing-transpiler",
- "openvm-rv32-adapters",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "strum",
-]
-
-[[package]]
-name = "openvm-pairing-guest"
-version = "1.0.0"
-dependencies = [
- "group 0.13.0",
- "halo2curves-axiom",
- "hex-literal",
- "itertools 0.14.0",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm",
- "openvm-algebra-complex-macros",
- "openvm-algebra-guest",
- "openvm-algebra-moduli-macros",
- "openvm-custom-insn",
- "openvm-ecc-guest",
- "openvm-ecc-sw-macros",
- "openvm-platform",
- "openvm-rv32im-guest",
- "rand",
- "serde",
- "strum_macros",
- "subtle",
-]
-
-[[package]]
-name = "openvm-pairing-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "num-bigint 0.4.6",
- "num-traits",
- "openvm",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-circuit",
- "openvm-ecc-circuit",
- "openvm-ecc-guest",
- "openvm-ecc-transpiler",
- "openvm-instructions",
- "openvm-pairing-circuit",
- "openvm-pairing-guest",
- "openvm-pairing-transpiler",
- "openvm-rv32im-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
- "rand",
-]
-
-[[package]]
-name = "openvm-pairing-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-pairing-guest",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-platform"
-version = "1.0.0"
-dependencies = [
- "critical-section",
- "embedded-alloc",
- "getrandom 0.2.15",
- "libm",
- "openvm-custom-insn",
- "openvm-rv32im-guest",
-]
-
-[[package]]
-name = "openvm-poseidon2-air"
-version = "1.0.0"
-dependencies = [
- "derivative",
- "lazy_static",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "p3-monty-31",
- "p3-poseidon2",
- "p3-poseidon2-air",
- "p3-symmetric",
- "rand",
- "zkhash",
-]
-
-[[package]]
-name = "openvm-prof"
-version = "1.0.0"
-dependencies = [
- "clap",
- "eyre",
- "itertools 0.14.0",
- "num-format",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "openvm-rv32-adapters"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "itertools 0.14.0",
- "openvm-circuit",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-rv32im-circuit",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde-big-array",
- "serde_with",
-]
-
-[[package]]
-name = "openvm-rv32im-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "eyre",
- "num-bigint 0.4.6",
- "num-integer",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "serde-big-array",
- "strum",
-]
-
-[[package]]
-name = "openvm-rv32im-guest"
-version = "1.0.0"
-dependencies = [
- "openvm-custom-insn",
- "strum_macros",
-]
-
-[[package]]
-name = "openvm-rv32im-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "openvm",
- "openvm-circuit",
- "openvm-instructions",
- "openvm-rv32im-circuit",
- "openvm-rv32im-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
- "serde",
- "test-case",
-]
-
-[[package]]
-name = "openvm-rv32im-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-rv32im-guest",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "serde",
- "strum",
- "tracing",
-]
-
-[[package]]
-name = "openvm-sdk"
-version = "1.0.0"
-dependencies = [
- "async-trait",
- "bitcode",
- "bon",
- "clap",
- "derivative",
- "derive_more 1.0.0",
- "eyre",
- "getset",
- "itertools 0.14.0",
- "metrics",
- "openvm",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-bigint-circuit",
- "openvm-bigint-transpiler",
- "openvm-build",
- "openvm-circuit",
- "openvm-continuations",
- "openvm-ecc-circuit",
- "openvm-ecc-transpiler",
- "openvm-keccak256-circuit",
- "openvm-keccak256-transpiler",
- "openvm-native-circuit",
- "openvm-native-compiler",
- "openvm-native-recursion",
- "openvm-pairing-circuit",
- "openvm-pairing-transpiler",
- "openvm-rv32im-circuit",
- "openvm-rv32im-transpiler",
- "openvm-sha256-circuit",
- "openvm-sha256-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "openvm-transpiler",
- "p3-fri",
- "serde",
- "serde_json",
- "serde_with",
- "thiserror 1.0.69",
- "tracing",
-]
-
-[[package]]
-name = "openvm-sha256-air"
-version = "1.0.0"
-dependencies = [
- "openvm-circuit",
- "openvm-circuit-primitives",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "sha2",
-]
-
-[[package]]
-name = "openvm-sha256-circuit"
-version = "1.0.0"
-dependencies = [
- "derive-new 0.6.0",
- "derive_more 1.0.0",
- "openvm-circuit",
- "openvm-circuit-derive",
- "openvm-circuit-primitives",
- "openvm-circuit-primitives-derive",
- "openvm-instructions",
- "openvm-rv32im-circuit",
- "openvm-sha256-air",
- "openvm-sha256-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "rand",
- "serde",
- "sha2",
- "strum",
-]
-
-[[package]]
-name = "openvm-sha256-guest"
-version = "1.0.0"
-dependencies = [
- "openvm-platform",
- "sha2",
-]
-
-[[package]]
-name = "openvm-sha256-integration-tests"
-version = "1.0.0"
-dependencies = [
- "eyre",
- "openvm-circuit",
- "openvm-instructions",
- "openvm-rv32im-transpiler",
- "openvm-sha256-circuit",
- "openvm-sha256-transpiler",
- "openvm-stark-sdk",
- "openvm-toolchain-tests",
- "openvm-transpiler",
-]
-
-[[package]]
-name = "openvm-sha256-transpiler"
-version = "1.0.0"
-dependencies = [
- "openvm-instructions",
- "openvm-instructions-derive",
- "openvm-sha256-guest",
- "openvm-stark-backend",
- "openvm-transpiler",
- "rrs-lib",
- "strum",
-]
-
-[[package]]
-name = "openvm-stark-backend"
-version = "1.0.0"
-source = "git+https://github.com/openvm-org/stark-backend.git?tag=v1.0.0#884f8e6aabf72bde00dc51f1f1121277bff73b1e"
-dependencies = [
- "bitcode",
- "cfg-if",
- "derivative",
- "derive-new 0.7.0",
- "itertools 0.14.0",
- "metrics",
- "mimalloc",
- "p3-air",
- "p3-challenger",
- "p3-commit",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-uni-stark",
- "p3-util",
- "rayon",
- "rustc-hash 2.1.1",
- "serde",
- "thiserror 1.0.69",
- "tikv-jemallocator",
- "tracing",
-]
-
-[[package]]
-name = "openvm-stark-sdk"
-version = "1.0.0"
-source = "git+https://github.com/openvm-org/stark-backend.git?tag=v1.0.0#884f8e6aabf72bde00dc51f1f1121277bff73b1e"
-dependencies = [
- "derivative",
- "derive_more 0.99.19",
- "ff 0.13.0",
- "itertools 0.14.0",
- "metrics",
- "metrics-tracing-context",
- "metrics-util",
- "openvm-stark-backend",
- "p3-baby-bear",
- "p3-blake3",
- "p3-bn254-fr",
- "p3-dft",
- "p3-fri",
- "p3-goldilocks",
- "p3-keccak",
- "p3-merkle-tree",
- "p3-poseidon",
- "p3-poseidon2",
- "p3-symmetric",
- "rand",
- "serde",
- "serde_json",
- "static_assertions",
- "toml",
- "tracing",
- "tracing-forest",
- "tracing-subscriber",
- "zkhash",
-]
-
-[[package]]
-name = "openvm-toolchain-tests"
-version = "1.0.0"
-dependencies = [
- "derive_more 1.0.0",
- "eyre",
- "num-bigint 0.4.6",
- "openvm-algebra-circuit",
- "openvm-algebra-transpiler",
- "openvm-bigint-circuit",
- "openvm-build",
- "openvm-circuit",
- "openvm-ecc-guest",
- "openvm-instructions",
- "openvm-platform",
- "openvm-rv32im-circuit",
- "openvm-rv32im-transpiler",
- "openvm-stark-backend",
- "openvm-stark-sdk",
- "openvm-transpiler",
- "serde",
- "tempfile",
- "test-case",
-]
-
-[[package]]
-name = "openvm-transpiler"
-version = "1.0.0"
-dependencies = [
- "elf",
- "eyre",
- "openvm-instructions",
- "openvm-platform",
- "openvm-stark-backend",
- "rrs-lib",
- "thiserror 1.0.69",
-]
-
-[[package]]
-name = "ordered-float"
-version = "4.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7bb71e1b3fa6ca1c61f383464aaf2bb0e2f8e772a1f01d486832464de363b951"
-dependencies = [
- "num-traits",
-]
-
-[[package]]
-name = "outref"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e"
-
-[[package]]
-name = "overload"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
-
-[[package]]
-name = "p256"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594"
-dependencies = [
- "ecdsa 0.14.8",
- "elliptic-curve 0.12.3",
- "sha2",
-]
-
-[[package]]
-name = "p256"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
-dependencies = [
- "elliptic-curve 0.13.8",
-]
-
-[[package]]
-name = "p3-air"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-field",
- "p3-matrix",
-]
-
-[[package]]
-name = "p3-baby-bear"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-field",
- "p3-mds",
- "p3-monty-31",
- "p3-poseidon2",
- "p3-symmetric",
- "rand",
- "serde",
-]
-
-[[package]]
-name = "p3-blake3"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "blake3",
- "p3-symmetric",
- "p3-util",
-]
-
-[[package]]
-name = "p3-bn254-fr"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "ff 0.13.0",
- "halo2curves",
- "num-bigint 0.4.6",
- "p3-field",
- "p3-poseidon2",
- "p3-symmetric",
- "rand",
- "serde",
-]
-
-[[package]]
-name = "p3-challenger"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-field",
- "p3-maybe-rayon",
- "p3-symmetric",
- "p3-util",
- "tracing",
-]
-
-[[package]]
-name = "p3-commit"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-challenger",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-util",
- "serde",
-]
-
-[[package]]
-name = "p3-dft"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-util",
- "tracing",
-]
-
-[[package]]
-name = "p3-field"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "nums",
- "p3-maybe-rayon",
- "p3-util",
- "rand",
- "serde",
- "tracing",
-]
-
-[[package]]
-name = "p3-fri"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-challenger",
- "p3-commit",
- "p3-dft",
- "p3-field",
- "p3-interpolation",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-util",
- "rand",
- "serde",
- "tracing",
-]
-
-[[package]]
-name = "p3-goldilocks"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "num-bigint 0.4.6",
- "p3-dft",
- "p3-field",
- "p3-mds",
- "p3-poseidon",
- "p3-poseidon2",
- "p3-symmetric",
- "p3-util",
- "rand",
- "serde",
-]
-
-[[package]]
-name = "p3-interpolation"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-util",
-]
-
-[[package]]
-name = "p3-keccak"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-field",
- "p3-symmetric",
- "p3-util",
- "tiny-keccak",
-]
-
-[[package]]
-name = "p3-keccak-air"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-air",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-util",
- "rand",
- "tracing",
-]
-
-[[package]]
-name = "p3-matrix"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-field",
- "p3-maybe-rayon",
- "p3-util",
- "rand",
- "serde",
- "tracing",
- "transpose",
-]
-
-[[package]]
-name = "p3-maybe-rayon"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "rayon",
-]
-
-[[package]]
-name = "p3-mds"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-symmetric",
- "p3-util",
- "rand",
-]
-
-[[package]]
-name = "p3-merkle-tree"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-commit",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-symmetric",
- "p3-util",
- "rand",
- "serde",
- "tracing",
-]
-
-[[package]]
-name = "p3-monty-31"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "num-bigint 0.4.6",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-mds",
- "p3-poseidon2",
- "p3-symmetric",
- "p3-util",
- "rand",
- "serde",
- "tracing",
- "transpose",
-]
-
-[[package]]
-name = "p3-poseidon"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-field",
- "p3-mds",
- "p3-symmetric",
- "rand",
-]
-
-[[package]]
-name = "p3-poseidon2"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "gcd",
- "p3-field",
- "p3-mds",
- "p3-symmetric",
- "rand",
-]
-
-[[package]]
-name = "p3-poseidon2-air"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "p3-air",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-poseidon2",
- "p3-util",
- "rand",
- "tikv-jemallocator",
- "tracing",
-]
-
-[[package]]
-name = "p3-symmetric"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-field",
- "serde",
-]
-
-[[package]]
-name = "p3-uni-stark"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "itertools 0.14.0",
- "p3-air",
- "p3-challenger",
- "p3-commit",
- "p3-dft",
- "p3-field",
- "p3-matrix",
- "p3-maybe-rayon",
- "p3-util",
- "serde",
- "tracing",
-]
-
-[[package]]
-name = "p3-util"
-version = "0.1.0"
-source = "git+https://github.com/Plonky3/Plonky3.git?rev=1ba4e5c#1ba4e5c40417f4f7aae86bcca56b6484b4b2490b"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "pairing"
-version = "0.22.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "135590d8bdba2b31346f9cd1fb2a912329f5135e832a4f422942eb6ead8b6b3b"
-dependencies = [
- "group 0.12.1",
-]
-
-[[package]]
-name = "pairing"
-version = "0.23.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81fec4625e73cf41ef4bb6846cafa6d44736525f442ba45e407c4a000a13996f"
-dependencies = [
- "group 0.13.0",
-]
-
-[[package]]
-name = "parity-scale-codec"
-version = "3.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9fde3d0718baf5bc92f577d652001da0f8d54cd03a7974e118d04fc888dc23d"
-dependencies = [
- "arrayvec",
- "bitvec",
- "byte-slice-cast",
- "const_format",
- "impl-trait-for-tuples",
- "parity-scale-codec-derive",
- "rustversion",
- "serde",
-]
-
-[[package]]
-name = "parity-scale-codec-derive"
-version = "3.7.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "581c837bb6b9541ce7faa9377c20616e4fb7650f6b0f68bc93c827ee504fb7b3"
-dependencies = [
- "proc-macro-crate",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "pasta_curves"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cc65faf8e7313b4b1fbaa9f7ca917a0eed499a9663be71477f87993604341d8"
-dependencies = [
- "blake2b_simd",
- "ff 0.12.1",
- "group 0.12.1",
- "lazy_static",
- "rand",
- "static_assertions",
- "subtle",
-]
-
-[[package]]
-name = "pasta_curves"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095"
-dependencies = [
- "blake2b_simd",
- "ff 0.13.0",
- "group 0.13.0",
- "lazy_static",
- "rand",
- "static_assertions",
- "subtle",
-]
-
-[[package]]
-name = "paste"
-version = "1.0.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
-
-[[package]]
-name = "percent-encoding"
-version = "2.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
-
-[[package]]
-name = "pest"
-version = "2.7.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc"
-dependencies = [
- "memchr",
- "thiserror 2.0.11",
- "ucd-trie",
-]
-
-[[package]]
-name = "pin-project-lite"
-version = "0.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
-
-[[package]]
-name = "pin-utils"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-
-[[package]]
-name = "pkcs8"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
-dependencies = [
- "der 0.6.1",
- "spki 0.6.0",
-]
-
-[[package]]
-name = "pkcs8"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
-dependencies = [
- "der 0.7.9",
- "spki 0.7.3",
-]
-
-[[package]]
-name = "pkg-config"
-version = "0.3.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
-
-[[package]]
-name = "plotters"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747"
-dependencies = [
- "num-traits",
- "plotters-backend",
- "plotters-svg",
- "wasm-bindgen",
- "web-sys",
-]
-
-[[package]]
-name = "plotters-backend"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a"
-
-[[package]]
-name = "plotters-svg"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670"
-dependencies = [
- "plotters-backend",
-]
-
-[[package]]
-name = "portable-atomic"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "280dc24453071f1b63954171985a0b0d30058d287960968b9b2aca264c8d4ee6"
-
-[[package]]
-name = "poseidon-primitives"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e4aaeda7a092e21165cc5f0cbc738e72a46f31c03c3cbd87b71ceae9d2d93bc"
-dependencies = [
- "bitvec",
- "ff 0.13.0",
- "lazy_static",
- "log",
- "rand",
- "rand_xorshift",
- "thiserror 1.0.69",
-]
-
-[[package]]
-name = "powerfmt"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
-
-[[package]]
-name = "ppv-lite86"
-version = "0.2.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
-dependencies = [
- "zerocopy",
-]
-
-[[package]]
-name = "prettyplease"
-version = "0.2.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac"
-dependencies = [
- "proc-macro2",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "primitive-types"
-version = "0.12.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b34d9fd68ae0b74a41b21c03c2f62847aa0ffea044eee893b4c140b37e244e2"
-dependencies = [
- "fixed-hash",
- "impl-codec",
- "uint",
-]
-
-[[package]]
-name = "proc-macro-crate"
-version = "3.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecf48c7ca261d60b74ab1a7b20da18bede46776b2e55535cb958eb595c5fa7b"
-dependencies = [
- "toml_edit",
-]
-
-[[package]]
-name = "proc-macro-error-attr2"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
-dependencies = [
- "proc-macro2",
- "quote",
-]
-
-[[package]]
-name = "proc-macro-error2"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
-dependencies = [
- "proc-macro-error-attr2",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "proc-macro2"
-version = "1.0.93"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "proptest"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d"
-dependencies = [
- "bit-set",
- "bit-vec",
- "bitflags",
- "lazy_static",
- "num-traits",
- "rand",
- "rand_chacha",
- "rand_xorshift",
- "regex-syntax 0.8.5",
- "rusty-fork",
- "tempfile",
- "unarray",
-]
-
-[[package]]
-name = "quanta"
-version = "0.12.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3bd1fe6824cea6538803de3ff1bc0cf3949024db3d43c9643024bfb33a807c0e"
-dependencies = [
- "crossbeam-utils",
- "libc",
- "once_cell",
- "raw-cpuid",
- "wasi 0.11.0+wasi-snapshot-preview1",
- "web-sys",
- "winapi",
-]
-
-[[package]]
-name = "quick-error"
-version = "1.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
-
-[[package]]
-name = "quote"
-version = "1.0.38"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
-dependencies = [
- "proc-macro2",
-]
-
-[[package]]
-name = "radium"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
-
-[[package]]
-name = "radix_trie"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c069c179fcdc6a2fe24d8d18305cf085fdbd4f922c041943e203685d6a1c58fd"
-dependencies = [
- "endian-type",
- "nibble_vec",
-]
-
-[[package]]
-name = "rand"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
-dependencies = [
- "libc",
- "rand_chacha",
- "rand_core",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom 0.2.15",
-]
-
-[[package]]
-name = "rand_xorshift"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f"
-dependencies = [
- "rand_core",
-]
-
-[[package]]
-name = "raw-cpuid"
-version = "11.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "529468c1335c1c03919960dfefdb1b3648858c20d7ec2d0663e728e4a717efbc"
-dependencies = [
- "bitflags",
-]
-
-[[package]]
-name = "rayon"
-version = "1.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa"
-dependencies = [
- "either",
- "rayon-core",
-]
-
-[[package]]
-name = "rayon-core"
-version = "1.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2"
-dependencies = [
- "crossbeam-deque",
- "crossbeam-utils",
-]
-
-[[package]]
-name = "regex"
-version = "1.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
-dependencies = [
- "aho-corasick",
- "memchr",
- "regex-automata 0.4.9",
- "regex-syntax 0.8.5",
-]
-
-[[package]]
-name = "regex-automata"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-dependencies = [
- "regex-syntax 0.6.29",
-]
-
-[[package]]
-name = "regex-automata"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
-dependencies = [
- "aho-corasick",
- "memchr",
- "regex-syntax 0.8.5",
-]
-
-[[package]]
-name = "regex-lite"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a"
-
-[[package]]
-name = "regex-syntax"
-version = "0.6.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
-
-[[package]]
-name = "regex-syntax"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
-
-[[package]]
-name = "revm"
-version = "18.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15689a3c6a8d14b647b4666f2e236ef47b5a5133cdfd423f545947986fff7013"
-dependencies = [
- "auto_impl",
- "cfg-if",
- "dyn-clone",
- "revm-interpreter",
- "revm-precompile",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "revm-interpreter"
-version = "14.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74e3f11d0fed049a4a10f79820c59113a79b38aed4ebec786a79d5c667bfeb51"
-dependencies = [
- "revm-primitives",
- "serde",
-]
-
-[[package]]
-name = "revm-precompile"
-version = "15.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e381060af24b750069a2b2d2c54bba273d84e8f5f9e8026fc9262298e26cc336"
-dependencies = [
- "aurora-engine-modexp",
- "blst",
- "c-kzg",
- "cfg-if",
- "k256",
- "once_cell",
- "revm-primitives",
- "ripemd",
- "secp256k1",
- "sha2",
- "substrate-bn",
-]
-
-[[package]]
-name = "revm-primitives"
-version = "14.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3702f132bb484f4f0d0ca4f6fbde3c82cfd745041abbedd6eda67730e1868ef0"
-dependencies = [
- "alloy-eip2930",
- "alloy-eip7702",
- "alloy-primitives",
- "auto_impl",
- "bitflags",
- "bitvec",
- "c-kzg",
- "cfg-if",
- "dyn-clone",
- "enumn",
- "hex",
- "serde",
-]
-
-[[package]]
-name = "rfc6979"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"
-dependencies = [
- "crypto-bigint 0.4.9",
- "hmac",
- "zeroize",
-]
-
-[[package]]
-name = "rfc6979"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
-dependencies = [
- "hmac",
- "subtle",
-]
-
-[[package]]
-name = "ring"
-version = "0.17.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70ac5d832aa16abd7d1def883a8545280c20a60f523a370aa3a9617c2b8550ee"
-dependencies = [
- "cc",
- "cfg-if",
- "getrandom 0.2.15",
- "libc",
- "untrusted",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "ripemd"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f"
-dependencies = [
- "digest 0.10.7",
-]
-
-[[package]]
-name = "rlp"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb919243f34364b6bd2fc10ef797edbfa75f33c252e7998527479c6d6b47e1ec"
-dependencies = [
- "bytes",
- "rustc-hex",
-]
-
-[[package]]
-name = "rlsf"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "222fb240c3286247ecdee6fa5341e7cdad0ffdf8e7e401d9937f2d58482a20bf"
-dependencies = [
- "cfg-if",
- "const-default",
- "libc",
- "svgbobdoc",
-]
-
-[[package]]
-name = "rrs-lib"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4382d3af3a4ebdae7f64ba6edd9114fff92c89808004c4943b393377a25d001"
-dependencies = [
- "downcast-rs",
- "paste",
-]
-
-[[package]]
-name = "ruint"
-version = "1.12.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f5ef8fb1dd8de3870cb8400d51b4c2023854bbafd5431a3ac7e7317243e22d2f"
-dependencies = [
- "alloy-rlp",
- "ark-ff 0.3.0",
- "ark-ff 0.4.2",
- "bytes",
- "fastrlp 0.3.1",
- "fastrlp 0.4.0",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "parity-scale-codec",
- "primitive-types",
- "proptest",
- "rand",
- "rlp",
- "ruint-macro",
- "serde",
- "valuable",
- "zeroize",
-]
-
-[[package]]
-name = "ruint-macro"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48fd7bd8a6377e15ad9d42a8ec25371b94ddc67abe7c8b9127bec79bebaaae18"
-
-[[package]]
-name = "rustc-demangle"
-version = "0.1.24"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
-
-[[package]]
-name = "rustc-hash"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
-
-[[package]]
-name = "rustc-hash"
-version = "2.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
-
-[[package]]
-name = "rustc-hex"
-version = "2.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6"
-
-[[package]]
-name = "rustc_version"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0dfe2087c51c460008730de8b57e6a320782fbfb312e1f4d520e6c6fae155ee"
-dependencies = [
- "semver 0.11.0",
-]
-
-[[package]]
-name = "rustc_version"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
-dependencies = [
- "semver 1.0.25",
-]
-
-[[package]]
-name = "rustix"
-version = "0.38.44"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
-dependencies = [
- "bitflags",
- "errno",
- "libc",
- "linux-raw-sys",
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "rustls"
-version = "0.21.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki",
- "sct",
-]
-
-[[package]]
-name = "rustls-native-certs"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
-dependencies = [
- "openssl-probe",
- "rustls-pemfile",
- "schannel",
- "security-framework",
-]
-
-[[package]]
-name = "rustls-pemfile"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
-dependencies = [
- "base64 0.21.7",
-]
-
-[[package]]
-name = "rustls-webpki"
-version = "0.101.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
-name = "rustversion"
-version = "1.0.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
-
-[[package]]
-name = "rusty-fork"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
-dependencies = [
- "fnv",
- "quick-error",
- "tempfile",
- "wait-timeout",
-]
-
-[[package]]
-name = "ryu"
-version = "1.0.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd"
-
-[[package]]
-name = "same-file"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
-dependencies = [
- "winapi-util",
-]
-
-[[package]]
-name = "schannel"
-version = "0.1.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
-dependencies = [
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
-name = "sec1"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928"
-dependencies = [
- "base16ct 0.1.1",
- "der 0.6.1",
- "generic-array",
- "pkcs8 0.9.0",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "sec1"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
-dependencies = [
- "base16ct 0.2.0",
- "der 0.7.9",
- "generic-array",
- "pkcs8 0.10.2",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "secp256k1"
-version = "0.29.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9465315bc9d4566e1724f0fffcbcc446268cb522e60f9a27bcded6b19c108113"
-dependencies = [
- "rand",
- "secp256k1-sys",
-]
-
-[[package]]
-name = "secp256k1-sys"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4387882333d3aa8cb20530a17c69a3752e97837832f34f6dccc760e715001d9"
-dependencies = [
- "cc",
-]
-
-[[package]]
-name = "security-framework"
-version = "2.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
-dependencies = [
- "bitflags",
- "core-foundation",
- "core-foundation-sys",
- "libc",
- "security-framework-sys",
-]
-
-[[package]]
-name = "security-framework-sys"
-version = "2.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "semver"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6"
-dependencies = [
- "semver-parser",
-]
-
-[[package]]
-name = "semver"
-version = "1.0.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "semver-parser"
-version = "0.10.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9900206b54a3527fdc7b8a938bffd94a568bac4f4aa8113b209df75a09c0dec2"
-dependencies = [
- "pest",
-]
-
-[[package]]
-name = "serde"
-version = "1.0.218"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60"
-dependencies = [
- "serde_derive",
-]
-
-[[package]]
-name = "serde-big-array"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11fc7cc2c76d73e0f27ee52abbd64eec84d46f370c88371120433196934e4b7f"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "serde_arrays"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38636132857f68ec3d5f3eb121166d2af33cb55174c4d5ff645db6165cbef0fd"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "serde_derive"
-version = "1.0.218"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "serde_json"
-version = "1.0.139"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44f86c3acccc9c65b153fe1b85a3be07fe5515274ec9f0653b4a0875731c72a6"
-dependencies = [
- "indexmap 2.7.1",
- "itoa",
- "memchr",
- "ryu",
- "serde",
-]
-
-[[package]]
-name = "serde_spanned"
-version = "0.6.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "serde_with"
-version = "3.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa"
-dependencies = [
- "base64 0.22.1",
- "chrono",
- "hex",
- "indexmap 1.9.3",
- "indexmap 2.7.1",
- "serde",
- "serde_derive",
- "serde_json",
- "serde_with_macros",
- "time",
-]
-
-[[package]]
-name = "serde_with_macros"
-version = "3.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e"
-dependencies = [
- "darling",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "sha1"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.10.7",
-]
-
-[[package]]
-name = "sha2"
-version = "0.10.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.10.7",
-]
-
-[[package]]
-name = "sha3"
-version = "0.10.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
-dependencies = [
- "digest 0.10.7",
- "keccak",
-]
-
-[[package]]
-name = "sha3-asm"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28efc5e327c837aa837c59eae585fc250715ef939ac32881bcc11677cd02d46"
-dependencies = [
- "cc",
- "cfg-if",
-]
-
-[[package]]
-name = "sharded-slab"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
-dependencies = [
- "lazy_static",
-]
-
-[[package]]
-name = "shlex"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
-
-[[package]]
-name = "signal-hook-registry"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "signature"
-version = "1.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
-dependencies = [
- "digest 0.10.7",
- "rand_core",
-]
-
-[[package]]
-name = "signature"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
-dependencies = [
- "digest 0.10.7",
- "rand_core",
-]
-
-[[package]]
-name = "sketches-ddsketch"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85636c14b73d81f541e525f585c0a2109e6744e1565b5c1668e31c70c10ed65c"
-
-[[package]]
-name = "slab"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67"
-dependencies = [
- "autocfg",
-]
-
-[[package]]
-name = "smallvec"
-version = "1.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd"
-
-[[package]]
-name = "snark-verifier"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28e4c4ed1edca41687fe2d8a09ba30badb0a5cc7fa56dd1159d62aeab7c99ace"
-dependencies = [
- "halo2-base",
- "halo2-ecc",
- "hex",
- "itertools 0.11.0",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "pairing 0.23.0",
- "rand",
- "revm",
- "ruint",
- "serde",
- "sha3",
-]
-
-[[package]]
-name = "snark-verifier-sdk"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "babff70ce6292fce03f692d68569f76b8f6710dbac7be7fe5f32c915909c9065"
-dependencies = [
- "bincode",
- "ethereum-types",
- "getset",
- "halo2-base",
- "hex",
- "itertools 0.11.0",
- "lazy_static",
- "num-bigint 0.4.6",
- "num-integer",
- "num-traits",
- "rand",
- "rand_chacha",
- "serde",
- "serde_json",
- "snark-verifier",
-]
-
-[[package]]
-name = "socket2"
-version = "0.5.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
-dependencies = [
- "libc",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-
-[[package]]
-name = "spki"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
-dependencies = [
- "base64ct",
- "der 0.6.1",
-]
-
-[[package]]
-name = "spki"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
-dependencies = [
- "base64ct",
- "der 0.7.9",
-]
-
-[[package]]
-name = "stable_deref_trait"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
-
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
-[[package]]
-name = "strength_reduce"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe895eb47f22e2ddd4dabc02bce419d2e643c8e3b585c78158b349195bc24d82"
-
-[[package]]
-name = "strsim"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
-
-[[package]]
-name = "strum"
-version = "0.26.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06"
-dependencies = [
- "strum_macros",
-]
-
-[[package]]
-name = "strum_macros"
-version = "0.26.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be"
-dependencies = [
- "heck",
- "proc-macro2",
- "quote",
- "rustversion",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "substrate-bn"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b5bbfa79abbae15dd642ea8176a21a635ff3c00059961d1ea27ad04e5b441c"
-dependencies = [
- "byteorder",
- "crunchy",
- "lazy_static",
- "rand",
- "rustc-hex",
-]
-
-[[package]]
-name = "subtle"
-version = "2.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
-
-[[package]]
-name = "svgbobdoc"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2c04b93fc15d79b39c63218f15e3fdffaa4c227830686e3b7c5f41244eb3e50"
-dependencies = [
- "base64 0.13.1",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "unicode-width",
-]
-
-[[package]]
-name = "syn"
-version = "1.0.109"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "syn"
-version = "2.0.98"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "synstructure"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "tap"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
-
-[[package]]
-name = "target-lexicon"
-version = "0.12.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
-
-[[package]]
-name = "tempfile"
-version = "3.17.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22e5a0acb1f3f55f65cc4a866c361b2fb2a0ff6366785ae6fbb5f85df07ba230"
-dependencies = [
- "cfg-if",
- "fastrand",
- "getrandom 0.3.1",
- "once_cell",
- "rustix",
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "test-case"
-version = "3.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb2550dd13afcd286853192af8601920d959b14c401fcece38071d53bf0768a8"
-dependencies = [
- "test-case-macros",
-]
-
-[[package]]
-name = "test-case-core"
-version = "3.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adcb7fd841cd518e279be3d5a3eb0636409487998a4aff22f3de87b81e88384f"
-dependencies = [
- "cfg-if",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "test-case-macros"
-version = "3.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "test-case-core",
-]
-
-[[package]]
-name = "test-log"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7f46083d221181166e5b6f6b1e5f1d499f3a76888826e6cb1d057554157cd0f"
-dependencies = [
- "env_logger",
- "test-log-macros",
- "tracing-subscriber",
-]
-
-[[package]]
-name = "test-log-macros"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "888d0c3c6db53c0fdab160d2ed5e12ba745383d3e85813f2ea0f2b1475ab553f"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "thiserror"
-version = "1.0.69"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
-dependencies = [
- "thiserror-impl 1.0.69",
-]
-
-[[package]]
-name = "thiserror"
-version = "2.0.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc"
-dependencies = [
- "thiserror-impl 2.0.11",
-]
-
-[[package]]
-name = "thiserror-impl"
-version = "1.0.69"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "thiserror-impl"
-version = "2.0.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "thread_local"
-version = "1.1.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c"
-dependencies = [
- "cfg-if",
- "once_cell",
-]
-
-[[package]]
-name = "threadpool"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d050e60b33d41c19108b32cea32164033a9013fe3b46cbd4457559bfbf77afaa"
-dependencies = [
- "num_cpus",
-]
-
-[[package]]
-name = "tikv-jemalloc-sys"
-version = "0.6.0+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd3c60906412afa9c2b5b5a48ca6a5abe5736aec9eb48ad05037a677e52e4e2d"
-dependencies = [
- "cc",
- "libc",
-]
-
-[[package]]
-name = "tikv-jemallocator"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4cec5ff18518d81584f477e9bfdf957f5bb0979b0bac3af4ca30b5b3ae2d2865"
-dependencies = [
- "libc",
- "tikv-jemalloc-sys",
-]
-
-[[package]]
-name = "time"
-version = "0.3.37"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21"
-dependencies = [
- "deranged",
- "itoa",
- "libc",
- "num-conv",
- "num_threads",
- "powerfmt",
- "serde",
- "time-core",
- "time-macros",
-]
-
-[[package]]
-name = "time-core"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
-
-[[package]]
-name = "time-macros"
-version = "0.2.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de"
-dependencies = [
- "num-conv",
- "time-core",
-]
-
-[[package]]
-name = "tiny-keccak"
-version = "2.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237"
-dependencies = [
- "crunchy",
-]
-
-[[package]]
-name = "tinystr"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f"
-dependencies = [
- "displaydoc",
- "zerovec",
-]
-
-[[package]]
-name = "tinytemplate"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
-dependencies = [
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "tokio"
-version = "1.43.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e"
-dependencies = [
- "backtrace",
- "bytes",
- "libc",
- "mio",
- "pin-project-lite",
- "signal-hook-registry",
- "socket2",
- "tokio-macros",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "tokio-macros"
-version = "2.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "tokio-rustls"
-version = "0.24.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
-dependencies = [
- "rustls",
- "tokio",
-]
-
-[[package]]
-name = "tokio-util"
-version = "0.7.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078"
-dependencies = [
- "bytes",
- "futures-core",
- "futures-sink",
- "pin-project-lite",
- "tokio",
-]
-
-[[package]]
-name = "toml"
-version = "0.8.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd87a5cdd6ffab733b2f74bc4fd7ee5fff6634124999ac278c35fc78c6120148"
-dependencies = [
- "serde",
- "serde_spanned",
- "toml_datetime",
- "toml_edit",
-]
-
-[[package]]
-name = "toml_datetime"
-version = "0.6.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "toml_edit"
-version = "0.22.24"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474"
-dependencies = [
- "indexmap 2.7.1",
- "serde",
- "serde_spanned",
- "toml_datetime",
- "winnow",
-]
-
-[[package]]
-name = "tower-service"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
-
-[[package]]
-name = "tracing"
-version = "0.1.41"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
-dependencies = [
- "pin-project-lite",
- "tracing-attributes",
- "tracing-core",
-]
-
-[[package]]
-name = "tracing-attributes"
-version = "0.1.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "tracing-core"
-version = "0.1.33"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c"
-dependencies = [
- "once_cell",
- "valuable",
-]
-
-[[package]]
-name = "tracing-forest"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee40835db14ddd1e3ba414292272eddde9dad04d3d4b65509656414d1c42592f"
-dependencies = [
- "ansi_term",
- "smallvec",
- "thiserror 1.0.69",
- "tracing",
- "tracing-subscriber",
-]
-
-[[package]]
-name = "tracing-log"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
-dependencies = [
- "log",
- "once_cell",
- "tracing-core",
-]
-
-[[package]]
-name = "tracing-subscriber"
-version = "0.3.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008"
-dependencies = [
- "matchers",
- "nu-ansi-term",
- "once_cell",
- "regex",
- "sharded-slab",
- "smallvec",
- "thread_local",
- "tracing",
- "tracing-core",
- "tracing-log",
-]
-
-[[package]]
-name = "transpose"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ad61aed86bc3faea4300c7aee358b4c6d0c8d6ccc36524c96e4c92ccf26e77e"
-dependencies = [
- "num-integer",
- "strength_reduce",
-]
-
-[[package]]
-name = "try-lock"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
-
-[[package]]
-name = "typenum"
-version = "1.18.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
-
-[[package]]
-name = "ucd-trie"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971"
-
-[[package]]
-name = "uint"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76f64bba2c53b04fcab63c01a7d7427eadc821e3bc48c34dc9ba29c501164b52"
-dependencies = [
- "byteorder",
- "crunchy",
- "hex",
- "static_assertions",
-]
-
-[[package]]
-name = "unarray"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe"
-
-[[package]]
-name = "unicode-width"
-version = "0.1.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
-
-[[package]]
-name = "unicode-xid"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
-
-[[package]]
-name = "unroll"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ad948c1cb799b1a70f836077721a92a35ac177d4daddf4c20a633786d4cf618"
-dependencies = [
- "quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
-[[package]]
-name = "url"
-version = "2.5.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
-dependencies = [
- "form_urlencoded",
- "idna",
- "percent-encoding",
-]
-
-[[package]]
-name = "urlencoding"
-version = "2.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
-
-[[package]]
-name = "utf16_iter"
-version = "1.0.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246"
-
-[[package]]
-name = "utf8_iter"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
-
-[[package]]
-name = "utf8parse"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
-
-[[package]]
-name = "uuid"
-version = "1.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c1f41ffb7cf259f1ecc2876861a17e7142e63ead296f671f81f6ae85903e0d6"
-
-[[package]]
-name = "valuable"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
-
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
-[[package]]
-name = "vergen"
-version = "8.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2990d9ea5967266ea0ccf413a4aa5c42a93dbcfda9cb49a97de6931726b12566"
-dependencies = [
- "anyhow",
- "cfg-if",
- "git2",
- "rustversion",
- "time",
-]
-
-[[package]]
-name = "version_check"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
-
-[[package]]
-name = "vsimd"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64"
-
-[[package]]
-name = "wait-timeout"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09ac3b126d3914f9849036f826e054cbabdc8519970b8998ddaf3b5bd3c65f11"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "walkdir"
-version = "2.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
-dependencies = [
- "same-file",
- "winapi-util",
-]
-
-[[package]]
-name = "want"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
-dependencies = [
- "try-lock",
-]
-
-[[package]]
-name = "wasi"
-version = "0.11.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
-
-[[package]]
-name = "wasi"
-version = "0.13.3+wasi-0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2"
-dependencies = [
- "wit-bindgen-rt",
-]
-
-[[package]]
-name = "wasm-bindgen"
-version = "0.2.100"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
-dependencies = [
- "cfg-if",
- "once_cell",
- "rustversion",
- "wasm-bindgen-macro",
-]
-
-[[package]]
-name = "wasm-bindgen-backend"
-version = "0.2.100"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
-dependencies = [
- "bumpalo",
- "log",
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-macro"
-version = "0.2.100"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
-dependencies = [
- "quote",
- "wasm-bindgen-macro-support",
-]
-
-[[package]]
-name = "wasm-bindgen-macro-support"
-version = "0.2.100"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "wasm-bindgen-backend",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-shared"
-version = "0.2.100"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "web-sys"
-version = "0.3.77"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2"
-dependencies = [
- "js-sys",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "winapi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-dependencies = [
- "winapi-i686-pc-windows-gnu",
- "winapi-x86_64-pc-windows-gnu",
-]
-
-[[package]]
-name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-
-[[package]]
-name = "winapi-util"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
-dependencies = [
- "windows-sys 0.59.0",
-]
-
-[[package]]
-name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-
-[[package]]
-name = "windows-core"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.59.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_gnullvm",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
-
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
-
-[[package]]
-name = "windows_i686_gnu"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
-
-[[package]]
-name = "windows_i686_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
-
-[[package]]
-name = "winnow"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e7f4ea97f6f78012141bcdb6a216b2609f0979ada50b20ca5b52dde2eac2bb1"
-dependencies = [
- "memchr",
-]
-
-[[package]]
-name = "wit-bindgen-rt"
-version = "0.33.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
-dependencies = [
- "bitflags",
-]
-
-[[package]]
-name = "write16"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936"
-
-[[package]]
-name = "writeable"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51"
-
-[[package]]
-name = "wyz"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed"
-dependencies = [
- "tap",
-]
-
-[[package]]
-name = "xmlparser"
-version = "0.13.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"
-
-[[package]]
-name = "yoke"
-version = "0.7.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
-dependencies = [
- "serde",
- "stable_deref_trait",
- "yoke-derive",
- "zerofrom",
-]
-
-[[package]]
-name = "yoke-derive"
-version = "0.7.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "synstructure",
-]
-
-[[package]]
-name = "zerocopy"
-version = "0.7.35"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
-dependencies = [
- "byteorder",
- "zerocopy-derive",
-]
-
-[[package]]
-name = "zerocopy-derive"
-version = "0.7.35"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "zerofrom"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e"
-dependencies = [
- "zerofrom-derive",
-]
-
-[[package]]
-name = "zerofrom-derive"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
- "synstructure",
-]
-
-[[package]]
-name = "zeroize"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
-dependencies = [
- "zeroize_derive",
-]
-
-[[package]]
-name = "zeroize_derive"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "zerovec"
-version = "0.10.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
-dependencies = [
- "yoke",
- "zerofrom",
- "zerovec-derive",
-]
-
-[[package]]
-name = "zerovec-derive"
-version = "0.10.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.98",
-]
-
-[[package]]
-name = "zkhash"
-version = "0.2.0"
-source = "git+https://github.com/HorizenLabs/poseidon2.git?rev=bb476b9#bb476b9ca38198cf5092487283c8b8c5d4317c4e"
-dependencies = [
- "ark-ff 0.4.2",
- "ark-std 0.4.0",
- "bitvec",
- "blake2",
- "bls12_381",
- "byteorder",
- "cfg-if",
- "group 0.12.1",
- "group 0.13.0",
- "halo2",
- "hex",
- "jubjub",
- "lazy_static",
- "pasta_curves 0.5.1",
- "rand",
- "serde",
- "sha2",
- "sha3",
- "subtle",
-]
diff --git a/Cargo.toml b/Cargo.toml
index 943b8d798e..5ace13f77a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -51,10 +51,10 @@ members = [
     "extensions/keccak256/transpiler",
     "extensions/keccak256/guest",
     "extensions/keccak256/tests",
-    "extensions/sha256/circuit",
-    "extensions/sha256/transpiler",
-    "extensions/sha256/guest",
-    "extensions/sha256/tests",
+    "extensions/sha2/circuit",
+    "extensions/sha2/transpiler",
+    "extensions/sha2/guest",
+    "extensions/sha2/tests",
     "extensions/ecc/circuit",
     "extensions/ecc/transpiler",
     "extensions/ecc/guest",
@@ -112,7 +112,7 @@ openvm-stark-sdk = { git = "https://github.com/openvm-org/stark-backend.git", ta
 openvm-sdk = { path = "crates/sdk", default-features = false }
 openvm-mod-circuit-builder = { path = "crates/circuits/mod-builder", default-features = false }
 openvm-poseidon2-air = { path = "crates/circuits/poseidon2-air", default-features = false }
-openvm-sha256-air = { path = "crates/circuits/sha256-air", default-features = false }
+openvm-sha2-air = { path = "crates/circuits/sha2-air", default-features = false }
 openvm-circuit-primitives = { path = "crates/circuits/primitives", default-features = false }
 openvm-circuit-primitives-derive = { path = "crates/circuits/primitives/derive", default-features = false }
 openvm = { path = "crates/toolchain/openvm", default-features = false }
@@ -140,9 +140,9 @@ openvm-native-recursion = { path = "extensions/native/recursion", default-featur
 openvm-keccak256-circuit = { path = "extensions/keccak256/circuit", default-features = false }
 openvm-keccak256-transpiler = { path = "extensions/keccak256/transpiler", default-features = false }
 openvm-keccak256-guest = { path = "extensions/keccak256/guest", default-features = false }
-openvm-sha256-circuit = { path = "extensions/sha256/circuit", default-features = false }
-openvm-sha256-transpiler = { path = "extensions/sha256/transpiler", default-features = false }
-openvm-sha256-guest = { path = "extensions/sha256/guest", default-features = false }
+openvm-sha2-circuit = { path = "extensions/sha2/circuit", default-features = false }
+openvm-sha2-transpiler = { path = "extensions/sha2/transpiler", default-features = false }
+openvm-sha2-guest = { path = "extensions/sha2/guest", default-features = false }
 openvm-bigint-circuit = { path = "extensions/bigint/circuit", default-features = false }
 openvm-bigint-transpiler = { path = "extensions/bigint/transpiler", default-features = false }
 openvm-bigint-guest = { path = "extensions/bigint/guest", default-features = false }
@@ -211,6 +211,7 @@ rrs-lib = "0.1.0"
 rand = { version = "0.8.5", default-features = false }
 hex = { version = "0.4.3", default-features = false }
 serde-big-array = "0.5.1"
+ndarray = { version = "0.16.1", default-features = false }
 
 # default-features = false for no_std for use in guest programs
 itertools = { version = "0.14.0", default-features = false }
diff --git a/benchmarks/programs/kitchen-sink/Cargo.toml b/benchmarks/programs/kitchen-sink/Cargo.toml
index af853486cf..fe376068e4 100644
--- a/benchmarks/programs/kitchen-sink/Cargo.toml
+++ b/benchmarks/programs/kitchen-sink/Cargo.toml
@@ -18,7 +18,7 @@ openvm-pairing-guest = { path = "../../../extensions/pairing/guest", default-fea
     "bls12_381",
 ] }
 openvm-keccak256-guest = { path = "../../../extensions/keccak256/guest", default-features = false }
-openvm-sha256-guest = { path = "../../../extensions/sha256/guest", default-features = false }
+openvm-sha2-guest = { path = "../../../extensions/sha2/guest", default-features = false }
 openvm-bigint-guest = { path = "../../../extensions/bigint/guest", default-features = false }
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
 serde = "1.0"
diff --git a/benchmarks/programs/kitchen-sink/src/main.rs b/benchmarks/programs/kitchen-sink/src/main.rs
index 8c12e165f7..2dd0afdaa7 100644
--- a/benchmarks/programs/kitchen-sink/src/main.rs
+++ b/benchmarks/programs/kitchen-sink/src/main.rs
@@ -3,7 +3,7 @@ use std::{hint::black_box, mem::transmute};
 use openvm_algebra_guest::IntMod;
 use openvm_bigint_guest::I256;
 use openvm_keccak256_guest::keccak256;
-use openvm_sha256_guest::sha256;
+use openvm_sha2_guest::sha256;
 #[allow(unused_imports)]
 use {
     openvm_ecc_guest::{
diff --git a/benchmarks/src/bin/kitchen_sink.rs b/benchmarks/src/bin/kitchen_sink.rs
index 9ec4a26d71..053531d365 100644
--- a/benchmarks/src/bin/kitchen_sink.rs
+++ b/benchmarks/src/bin/kitchen_sink.rs
@@ -30,7 +30,7 @@ fn main() -> Result<()> {
         .rv32m(Default::default())
         .io(Default::default())
         .keccak(Default::default())
-        .sha256(Default::default())
+        .sha2(Default::default())
         .bigint(Default::default())
         .modular(ModularExtension::new(vec![
             BigUint::from_str("1000000000000000003").unwrap(),
diff --git a/book/src/SUMMARY.md b/book/src/SUMMARY.md
index 579bc70136..490971b050 100644
--- a/book/src/SUMMARY.md
+++ b/book/src/SUMMARY.md
@@ -19,7 +19,7 @@
 
 - [Overview](./custom-extensions/overview.md)
 - [Keccak](./custom-extensions/keccak.md)
-- [SHA-256](./custom-extensions/sha256.md)
+- [SHA-2](./custom-extensions/sha2.md)
 - [Big Integer](./custom-extensions/bigint.md)
 - [Algebra (Modular Arithmetic)](./custom-extensions/algebra.md)
 - [Elliptic Curve Cryptography](./custom-extensions/ecc.md)
diff --git a/book/src/custom-extensions/overview.md b/book/src/custom-extensions/overview.md
index aecbdf5f36..706a9709cc 100644
--- a/book/src/custom-extensions/overview.md
+++ b/book/src/custom-extensions/overview.md
@@ -5,13 +5,13 @@ You can seamlessly integrate certain performance-optimized extensions maintained
 In this chapter, we will explain how to use the following existing extensions:
 
 - [`openvm-keccak-guest`](./keccak.md) - Keccak256 hash function.
-- [`openvm-sha256-guest`](./sha256.md) - SHA2-256 hash function.
+- [`openvm-sha2-guest`](./sha2.md) - SHA-2 hash functions.
 - [`openvm-bigint-guest`](./bigint.md) - Big integer arithmetic for 256-bit signed and unsigned integers.
 - [`openvm-algebra-guest`](./algebra.md) - Modular arithmetic and complex field extensions.
 - [`openvm-ecc-guest`](./ecc.md) - Elliptic curve cryptography.
 - [`openvm-pairing-guest`](./pairing.md) - Elliptic curve optimal Ate pairings.
 
-Some extensions such as `openvm-keccak-guest`, `openvm-sha256-guest`, and `openvm-bigint-guest` can be enabled without specifying any additional configuration.
+Some extensions such as `openvm-keccak-guest`, `openvm-sha2-guest`, and `openvm-bigint-guest` can be enabled without specifying any additional configuration.
 
 On the other hand certain arithmetic operations, particularly modular arithmetic, can be optimized significantly when the modulus is known at compile time. This approach requires a framework to inform the compiler about all the moduli and associated arithmetic structures we intend to use. To achieve this, three steps are involved:
 
@@ -35,7 +35,7 @@ The template `openvm.toml` file is as follows:
 [app_vm_config.rv32m]
 [app_vm_config.io]
 [app_vm_config.keccak]
-[app_vm_config.sha256]
+[app_vm_config.sha2]
 [app_vm_config.native]
 [app_vm_config.bigint]
 [app_vm_config.modular]
diff --git a/book/src/custom-extensions/sha2.md b/book/src/custom-extensions/sha2.md
new file mode 100644
index 0000000000..ba3727d563
--- /dev/null
+++ b/book/src/custom-extensions/sha2.md
@@ -0,0 +1,67 @@
+# SHA-2
+
+The OpenVM SHA-2 extension provides tools for using the SHA-256, SHA-512, and SHA-384 hash functions. Refer [here](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) for more details on the SHA-2 family of hash functions.
+The functional part is provided by the `openvm-sha2-guest` crate, which is a guest library that can be used in any OpenVM program.
+
+## Functions for guest code
+
+The OpenVM SHA-2 Guest extension provides three pairs of functions for using in your guest code:
+
+- `sha256(input: &[u8]) -> [u8; 32]`: Computes the SHA-256 hash of the input data and returns it as an array of 32 bytes.
+- `set_sha256(input: &[u8], output: &mut [u8; 32])`: Sets the provided output buffer to the SHA-256 hash of the input data.
+- `sha512(input: &[u8]) -> [u8; 64]`: Computes the SHA-512 hash of the input data and returns it as an array of 64 bytes.
+- `set_sha512(input: &[u8], output: &mut [u8; 64])`: Sets the provided output buffer to the SHA-512 hash of the input data.
+- `sha384(input: &[u8]) -> [u8; 48]`: Computes the SHA-384 hash of the input data and returns it as an array of 48 bytes.
+- `set_sha384(input: &[u8], output: &mut [u8; 64])`: Sets the first 48 bytes of the provided output buffer to the SHA-384 hash of the input data and sets the rest of the buffer to zero.
+
+See the full example [here](https://github.com/openvm-org/openvm/blob/main/examples/sha2/src/main.rs).
+
+### Example
+
+```rust,no_run,noplayground
+{{ #include ../../../examples/sha2/src/main.rs:imports }}
+{{ #include ../../../examples/sha2/src/main.rs:main }}
+```
+
+To be able to import the `shaXXX` functions, add the following to your `Cargo.toml` file:
+
+```toml
+openvm-sha2-guest = { git = "https://github.com/openvm-org/openvm.git" }
+hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
+```
+
+## External Linking
+
+The SHA-2 guest extension also provides another way to use the intrinsic SHA-2 implementations. It provides functions that are meant to be linked to other external libraries. The external libraries can use these functions as hooks for the SHA-2 intrinsics. This is enabled only when the target is `zkvm`.
+
+- `zkvm_shaXXX_impl(input: *const u8, len: usize, output: *mut u8)`: where `XXX` is `256`, `512`, or `384`. These functions have `C` ABI. They take in a pointer to the input, the length of the input, and a pointer to the output buffer.
+
+In the external library, you can do the following:
+
+```rust
+extern "C" {
+    fn zkvm_sha256_impl(input: *const u8, len: usize, output: *mut u8);
+}
+
+fn sha256(input: &[u8]) -> [u8; 32] {
+    #[cfg(target_os = "zkvm")]
+    {
+        let mut output = [0u8; 32];
+        unsafe {
+            zkvm_sha256_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
+        }
+        output
+    }
+    #[cfg(not(target_os = "zkvm"))] {
+        // Regular SHA-256 implementation
+    }
+}
+```
+
+### Config parameters
+
+For the guest program to build successfully add the following to your `.toml` file:
+
+```toml
+[app_vm_config.sha2]
+```
diff --git a/book/src/custom-extensions/sha256.md b/book/src/custom-extensions/sha256.md
deleted file mode 100644
index 7b1e39be51..0000000000
--- a/book/src/custom-extensions/sha256.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# SHA-256
-
-The OpenVM SHA-256 extension provides tools for using the SHA-256 hash function. Refer [here](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) for more details on SHA-256.
-The functional part is provided by the `openvm-sha256-guest` crate, which is a guest library that can be used in any OpenVM program.
-
-## Functions for guest code
-
-The OpenVM SHA-256Guest extension provides two functions for using in your guest code:
-
-- `sha256(input: &[u8]) -> [u8; 32]`: Computes the SHA-256 hash of the input data and returns it as an array of 32 bytes.
-- `set_sha256(input: &[u8], output: &mut [u8; 32])`: Sets the output to the SHA-256 hash of the input data into the provided output buffer.
-
-See the full example [here](https://github.com/openvm-org/openvm/blob/main/examples/sha256/src/main.rs).
-
-### Example
-
-```rust,no_run,noplayground
-{{ #include ../../../examples/sha256/src/main.rs:imports }}
-{{ #include ../../../examples/sha256/src/main.rs:main }}
-```
-
-To be able to import the `sha256` function, add the following to your `Cargo.toml` file:
-
-```toml
-openvm-sha256-guest = { git = "https://github.com/openvm-org/openvm.git" }
-hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
-```
-
-## External Linking
-
-The SHA-256 guest extension also provides another way to use the intrinsic SHA-256 implementation. It provides a function that is meant to be linked to other external libraries. The external libraries can use this function as a hook for the SHA-256 intrinsic. This is enabled only when the target is `zkvm`.
-
-- `zkvm_sha256_impl(input: *const u8, len: usize, output: *mut u8)`: This function has `C` ABI. It takes in a pointer to the input, the length of the input, and a pointer to the output buffer.
-
-In the external library, you can do the following:
-
-```rust
-extern "C" {
-    fn zkvm_sha256_impl(input: *const u8, len: usize, output: *mut u8);
-}
-
-fn sha256(input: &[u8]) -> [u8; 32] {
-    #[cfg(target_os = "zkvm")]
-    {
-        let mut output = [0u8; 32];
-        unsafe {
-            zkvm_sha256_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
-        }
-        output
-    }
-    #[cfg(not(target_os = "zkvm"))] {
-        // Regular SHA-256 implementation
-    }
-}
-```
-
-### Config parameters
-
-For the guest program to build successfully add the following to your `.toml` file:
-
-```toml
-[app_vm_config.sha256]
-```
diff --git a/book/src/introduction.md b/book/src/introduction.md
index 610faaedf2..40e8c37958 100644
--- a/book/src/introduction.md
+++ b/book/src/introduction.md
@@ -12,7 +12,7 @@ OpenVM is an open-source zero-knowledge virtual machine (zkVM) framework focused
 
   - RISC-V support via RV32IM
   - A native field arithmetic extension for proof recursion and aggregation
-  - The Keccak-256 and SHA2-256 hash functions
+  - The Keccak-256, SHA-256, SHA-512, and SHA-384 hash functions
   - Int256 arithmetic
   - Modular arithmetic over arbitrary fields
   - Elliptic curve operations, including multi-scalar multiplication and ECDSA signature verification, including for the secp256k1 and secp256r1 curves.
diff --git a/crates/circuits/primitives/derive/Cargo.toml b/crates/circuits/primitives/derive/Cargo.toml
index 06d4c00aed..2e91772fd5 100644
--- a/crates/circuits/primitives/derive/Cargo.toml
+++ b/crates/circuits/primitives/derive/Cargo.toml
@@ -12,6 +12,13 @@ license.workspace = true
 proc-macro = true
 
 [dependencies]
-syn = { version = "2.0", features = ["parsing"] }
+syn = { version = "2.0", features = ["parsing", "extra-traits"] }
 quote = "1.0"
-itertools = { workspace = true }
+itertools = { workspace = true, default-features = true }
+proc-macro2 = "1.0"
+
+[dev-dependencies]
+ndarray.workspace = true
+
+[package.metadata.cargo-shear]
+ignored = ["ndarray"]
diff --git a/crates/circuits/primitives/derive/src/cols_ref/README.md b/crates/circuits/primitives/derive/src/cols_ref/README.md
new file mode 100644
index 0000000000..82812f7b90
--- /dev/null
+++ b/crates/circuits/primitives/derive/src/cols_ref/README.md
@@ -0,0 +1,113 @@
+# ColsRef macro
+
+The `ColsRef` procedural macro is used in constraint generation to create column structs that have dynamic sizes.
+
+Note: this macro was originally created for use in the SHA-2 VM extension, where we reuse the same constraint generation code for three different circuits (SHA-256, SHA-512, and SHA-384).
+See the [SHA-2 VM extension](../../../../../../extensions/sha2/circuit/src/sha2_chip/air.rs) for an example of how to use the `ColsRef` macro to reuse constraint generation code over multiple circuits.
+
+## Overview
+
+As an illustrative example, consider the following columns struct:
+```rust
+struct ExampleCols<T, const N: usize> {
+    arr: [T; N],
+    sum: T,
+}
+```
+Let's say we want to constrain `sum` to be the sum of the elements of `arr`, and `N` can be either 5 or 10.
+We can define a trait that stores the config parameters.
+```rust
+pub trait ExampleConfig {
+    const N: usize;
+}
+```
+and then implement it for the two different configs.
+```rust
+pub struct ExampleConfigImplA;
+impl ExampleConfig for ExampleConfigImplA {
+    const N: usize = 5;
+}
+pub struct ExampleConfigImplB;
+impl ExampleConfig for ExampleConfigImplB {
+    const N: usize = 10;
+}
+```
+Then we can use the `ColsRef` macro like this
+```rust
+#[derive(ColsRef)]
+#[config(ExampleConfig)]
+struct ExampleCols<T, const N: usize> {
+    arr: [T; N],
+    sum: T,
+}
+```
+which will generate a columns struct that uses references to the fields.
+```rust
+struct ExampleColsRef<'a, T, const N: usize> {
+    arr: ndarray::ArrayView1<'a, T>, // an n-dimensional view into the input slice (ArrayView2 for 2D arrays, etc.)
+    sum: &'a T,
+}
+```
+The `ColsRef` macro will also generate a `from` method that takes a slice of the correct length and returns an instance of the columns struct.
+The `from` method is parameterized by a struct that implements the `ExampleConfig` trait, and it uses the associated constants to determine how to split the input slice into the fields of the columns struct.
+
+So, the constraint generation code can be written as
+```rust
+impl<AB: InteractionBuilder, C: ExampleConfig> Air<AB> for ExampleAir<C> {
+    fn eval(&self, builder: &mut AB) {
+        let main = builder.main();
+        let (local, _) = (main.row_slice(0), main.row_slice(1));
+        let local_cols = ExampleColsRef::<AB::Var>::from::<C>(&local[..C::N + 1]);
+        let sum = local_cols.arr.iter().sum();
+        builder.assert_eq(local_cols.sum, sum);
+    }
+}
+```
+Notes:
+- the `arr` and `sum` fields of `ExampleColsRef` are references to the elements of the `local` slice.
+- the name, `N`, of the const generic parameter must match the name of the associated constant `N` in the `ExampleConfig` trait.
+
+The `ColsRef` macro also generates a `ExampleColsRefMut` struct that stores mutable references to the fields, for use in trace generation.
+
+The `ColsRef` macro supports more than just variable-length array fields.
+The field types can also be:
+- any type that derives `AlignedBorrow` via `#[derive(AlignedBorrow)]`
+- any type that derives `ColsRef` via `#[derive(ColsRef)]`
+- (possibly nested) arrays of `T` or (possibly nested) arrays of a type that derives `AlignedBorrow`
+
+Note that we currently do not support arrays of types that derive `ColsRef`.
+
+## Specification
+
+Annotating a struct named `ExampleCols` with `#[derive(ColsRef)]` and `#[config(ExampleConfig)]` produces two structs, `ExampleColsRef` and `ExampleColsRefMut`.
+- we assume `ExampleCols` has exactly one generic type parameter, typically named `T`, and any number of const generic parameters. Each const generic parameter must have a name that matches an associated constant in the `ExampleConfig` trait
+
+The fields of `ExampleColsRef` have the same names as the fields of `ExampleCols`, but their types are transformed as follows:
+- type `T` becomes `&T`
+- type `[T; LEN]` becomes `&ArrayView1<T>` (see [ndarray](https://docs.rs/ndarray/latest/ndarray/index.html)) where `LEN` is an associated constant in `ExampleConfig`
+    - the `ExampleColsRef::from` method will correctly infer the length of the array from the config
+- fields with names that end in `Cols` are assumed to be a columns struct that derives `ColsRef` and are transformed into the appropriate `ColsRef` type recursively
+    - one restriction is that any nested `ColsRef` type must have the same config as the outer `ColsRef` type
+- fields that are annotated with `#[aligned_borrow]` are assumed to derive `AlignedBorrow` and are borrowed from the input slice. The new type is a reference to the `AlignedBorrow` type
+    - if a field whose name ends in `Cols` is annotated with `#[aligned_borrow]`, then the aligned borrow takes precedence, and the field is not transformed into an `ArrayView`
+- nested arrays of `U` become `&ArrayViewX<U>` where `X` is the number of dimensions in the nested array type
+    - `U` can be either the generic type `T` or a type that derives `AlignedBorrow`. In the latter case, the field must be annotated with `#[aligned_borrow]`
+    - the `ArrayViewX` type provides a `X`-dimensional view into the row slice 
+
+The fields of `ExampleColsRefMut` are almost the same as the fields of `ExampleColsRef`, but they are mutable references.
+- the `ArrayViewMutX` type is used instead of `ArrayViewX` for the array fields.
+- fields that derive `ColsRef` are transformed into the appropriate `ColsRefMut` type recursively.
+
+Each of the `ExampleColsRef` and `ExampleColsRefMut` types has the following methods implemented:
+```rust
+// Takes a slice of the correct length and returns an instance of the columns struct.
+pub const fn from<C: ExampleConfig>(slice: &[T]) -> Self;
+// Returns the number of cells in the struct
+pub const fn width<C: ExampleConfig>() -> usize;
+```
+Note that the `width` method on both structs returns the same value.
+
+Additionally, the `ExampleColsRef` struct has a `from_mut` method that takes a `ExampleColsRefMut` and returns a `ExampleColsRef`.
+This may be useful in trace generation to pass a `ExampleColsRefMut` to a function that expects a `ExampleColsRef`.
+
+See the [tests](../../tests/test_cols_ref.rs) for concrete examples of how the `ColsRef` macro handles each of the supported field types.
\ No newline at end of file
diff --git a/crates/circuits/primitives/derive/src/cols_ref/mod.rs b/crates/circuits/primitives/derive/src/cols_ref/mod.rs
new file mode 100644
index 0000000000..f4a772b423
--- /dev/null
+++ b/crates/circuits/primitives/derive/src/cols_ref/mod.rs
@@ -0,0 +1,692 @@
+extern crate proc_macro;
+
+use itertools::Itertools;
+use quote::{format_ident, quote};
+use syn::{parse_quote, DeriveInput};
+
+pub fn cols_ref_impl(
+    derive_input: DeriveInput,
+    config: proc_macro2::Ident,
+) -> proc_macro2::TokenStream {
+    let DeriveInput {
+        ident,
+        generics,
+        data,
+        vis,
+        ..
+    } = derive_input;
+
+    let generic_types = generics
+        .params
+        .iter()
+        .filter_map(|p| {
+            if let syn::GenericParam::Type(type_param) = p {
+                Some(type_param)
+            } else {
+                None
+            }
+        })
+        .collect::<Vec<_>>();
+
+    if generic_types.len() != 1 {
+        panic!("Struct must have exactly one generic type parameter");
+    }
+
+    let generic_type = generic_types[0];
+
+    let const_generics = generics.const_params().map(|p| &p.ident).collect_vec();
+
+    match data {
+        syn::Data::Struct(data_struct) => {
+            // Process the fields of the struct, transforming the types for use in ColsRef struct
+            let const_field_infos: Vec<FieldInfo> = data_struct
+                .fields
+                .iter()
+                .map(|f| get_const_cols_ref_fields(f, generic_type, &const_generics))
+                .collect_vec();
+
+            // The ColsRef struct is named by appending `Ref` to the struct name
+            let const_cols_ref_name = syn::Ident::new(&format!("{}Ref", ident), ident.span());
+
+            // the args to the `from` method will be different for the ColsRef and ColsRefMut structs
+            let from_args = quote! { slice: &'a [#generic_type] };
+
+            // Package all the necessary information to generate the ColsRef struct
+            let struct_info = StructInfo {
+                name: const_cols_ref_name,
+                vis: vis.clone(),
+                generic_type: generic_type.clone(),
+                field_infos: const_field_infos,
+                fields: data_struct.fields.clone(),
+                from_args,
+                derive_clone: true,
+            };
+
+            // Generate the ColsRef struct
+            let const_cols_ref_struct = make_struct(struct_info.clone(), &config);
+
+            // Generate the `from_mut` method for the ColsRef struct
+            let from_mut_impl = make_from_mut(struct_info, &config);
+
+            // Process the fields of the struct, transforming the types for use in ColsRefMut struct
+            let mut_field_infos: Vec<FieldInfo> = data_struct
+                .fields
+                .iter()
+                .map(|f| get_mut_cols_ref_fields(f, generic_type, &const_generics))
+                .collect_vec();
+
+            // The ColsRefMut struct is named by appending `RefMut` to the struct name
+            let mut_cols_ref_name = syn::Ident::new(&format!("{}RefMut", ident), ident.span());
+
+            // the args to the `from` method will be different for the ColsRef and ColsRefMut structs
+            let from_args = quote! { slice: &'a mut [#generic_type] };
+
+            // Package all the necessary information to generate the ColsRefMut struct
+            let struct_info = StructInfo {
+                name: mut_cols_ref_name,
+                vis,
+                generic_type: generic_type.clone(),
+                field_infos: mut_field_infos,
+                fields: data_struct.fields,
+                from_args,
+                derive_clone: false,
+            };
+
+            // Generate the ColsRefMut struct
+            let mut_cols_ref_struct = make_struct(struct_info, &config);
+
+            quote! {
+                #const_cols_ref_struct
+                #from_mut_impl
+                #mut_cols_ref_struct
+            }
+        }
+        _ => panic!("ColsRef can only be derived for structs"),
+    }
+}
+
+#[derive(Debug, Clone)]
+struct StructInfo {
+    name: syn::Ident,
+    vis: syn::Visibility,
+    generic_type: syn::TypeParam,
+    field_infos: Vec<FieldInfo>,
+    fields: syn::Fields,
+    from_args: proc_macro2::TokenStream,
+    derive_clone: bool,
+}
+
+// Generate the ColsRef and ColsRefMut structs, depending on the value of `struct_info`
+// This function is meant to reduce code duplication between the code needed to generate the two structs
+// Notable differences between the two structs are:
+//   - the types of the fields
+//   - ColsRef derives Clone, but ColsRefMut cannot (since it stores mutable references)
+//   - the `from` method parameter is a reference to a slice for ColsRef and a mutable reference to a slice for ColsRefMut
+fn make_struct(struct_info: StructInfo, config: &proc_macro2::Ident) -> proc_macro2::TokenStream {
+    let StructInfo {
+        name,
+        vis,
+        generic_type,
+        field_infos,
+        fields,
+        from_args,
+        derive_clone,
+    } = struct_info;
+
+    let field_types = field_infos.iter().map(|f| &f.ty).collect_vec();
+    let length_exprs = field_infos.iter().map(|f| &f.length_expr).collect_vec();
+    let prepare_subslices = field_infos
+        .iter()
+        .map(|f| &f.prepare_subslice)
+        .collect_vec();
+    let initializers = field_infos.iter().map(|f| &f.initializer).collect_vec();
+
+    let idents = fields.iter().map(|f| &f.ident).collect_vec();
+
+    let clone_impl = if derive_clone {
+        quote! {
+            #[derive(Clone)]
+        }
+    } else {
+        quote! {}
+    };
+
+    quote! {
+        #clone_impl
+        #[derive(Debug)]
+        #vis struct #name <'a, #generic_type> {
+            #( pub #idents: #field_types ),*
+        }
+
+        impl<'a, #generic_type> #name<'a, #generic_type> {
+            pub fn from<C: #config>(#from_args) -> Self {
+                #( #prepare_subslices )*
+                Self {
+                    #( #idents: #initializers ),*
+                }
+            }
+
+            // returns number of cells in the struct (where each cell has type T)
+            pub const fn width<C: #config>() -> usize {
+                0 #( + #length_exprs )*
+            }
+        }
+    }
+}
+
+// Generate the `from_mut` method for the ColsRef struct
+fn make_from_mut(struct_info: StructInfo, config: &proc_macro2::Ident) -> proc_macro2::TokenStream {
+    let StructInfo {
+        name,
+        vis: _,
+        generic_type,
+        field_infos: _,
+        fields,
+        from_args: _,
+        derive_clone: _,
+    } = struct_info;
+
+    let from_mut_impl = fields
+        .iter()
+        .map(|f| {
+            let ident = f.ident.clone().unwrap();
+
+            let derives_aligned_borrow = f
+                .attrs
+                .iter()
+                .any(|attr| attr.path().is_ident("aligned_borrow"));
+
+            let is_array = matches!(f.ty, syn::Type::Array(_));
+
+            if is_array {
+                // calling view() on ArrayViewMut returns an ArrayView
+                quote! {
+                    other.#ident.view()
+                }
+            } else if derives_aligned_borrow {
+                // implicitly converts a mutable reference to an immutable reference, so leave the field value unchanged
+                quote! {
+                    other.#ident
+                }
+            } else if is_columns_struct(&f.ty) {
+                // lifetime 'b is used in from_mut to allow more flexible lifetime of return value
+                let cols_ref_type =
+                    get_const_cols_ref_type(&f.ty, &generic_type, parse_quote! { 'b });
+                // Recursively call `from_mut` on the ColsRef field
+                quote! {
+                    <#cols_ref_type>::from_mut::<C>(&other.#ident)
+                }
+            } else if is_generic_type(&f.ty, &generic_type) {
+                // implicitly converts a mutable reference to an immutable reference, so leave the field value unchanged
+                quote! {
+                    &other.#ident
+                }
+            } else {
+                panic!("Unsupported field type: {:?}", f.ty);
+            }
+        })
+        .collect_vec();
+
+    let field_idents = fields
+        .iter()
+        .map(|f| f.ident.clone().unwrap())
+        .collect_vec();
+
+    let mut_struct_ident = format_ident!("{}Mut", name.to_string());
+    let mut_struct_type: syn::Type = parse_quote! {
+        #mut_struct_ident<'a, #generic_type>
+    };
+
+    parse_quote! {
+        // lifetime 'b is used in from_mut to allow more flexible lifetime of return value
+        impl<'b, #generic_type> #name<'b, #generic_type> {
+            pub fn from_mut<'a, C: #config>(other: &'b #mut_struct_type) -> Self
+            {
+                Self {
+                    #( #field_idents: #from_mut_impl ),*
+                }
+            }
+        }
+    }
+}
+
+// Information about a field that is used to generate the ColsRef and ColsRefMut structs
+// See the `make_struct` function to see how this information is used
+#[derive(Debug, Clone)]
+struct FieldInfo {
+    // type for struct definition
+    ty: syn::Type,
+    // an expr calculating the length of the field
+    length_expr: proc_macro2::TokenStream,
+    // prepare a subslice of the slice to be used in the 'from' method
+    prepare_subslice: proc_macro2::TokenStream,
+    // an expr used in the Self initializer in the 'from' method
+    // may refer to the subslice declared in prepare_subslice
+    initializer: proc_macro2::TokenStream,
+}
+
+// Prepare the fields for the const ColsRef struct
+fn get_const_cols_ref_fields(
+    f: &syn::Field,
+    generic_type: &syn::TypeParam,
+    const_generics: &[&syn::Ident],
+) -> FieldInfo {
+    let length_var = format_ident!("{}_length", f.ident.clone().unwrap());
+    let slice_var = format_ident!("{}_slice", f.ident.clone().unwrap());
+
+    let derives_aligned_borrow = f
+        .attrs
+        .iter()
+        .any(|attr| attr.path().is_ident("aligned_borrow"));
+
+    let is_array = matches!(f.ty, syn::Type::Array(_));
+
+    if is_array {
+        let ArrayInfo { dims, elem_type } = get_array_info(&f.ty, const_generics);
+        debug_assert!(
+            !dims.is_empty(),
+            "Array field must have at least one dimension"
+        );
+
+        let ndarray_ident: syn::Ident = format_ident!("ArrayView{}", dims.len());
+        let ndarray_type: syn::Type = parse_quote! {
+            ndarray::#ndarray_ident<'a, #elem_type>
+        };
+
+        // dimensions of the array in terms of number of cells
+        let dim_exprs = dims
+            .iter()
+            .map(|d| match d {
+                // need to prepend C:: for const generic array dimensions
+                Dimension::ConstGeneric(expr) => quote! { C::#expr },
+                Dimension::Other(expr) => quote! { #expr },
+            })
+            .collect_vec();
+
+        if derives_aligned_borrow {
+            let length_expr = quote! {
+                <#elem_type>::width() #(* #dim_exprs)*
+            };
+
+            FieldInfo {
+                ty: parse_quote! {
+                    #ndarray_type
+                },
+                length_expr: length_expr.clone(),
+                prepare_subslice: quote! {
+                    let (#slice_var, slice) = slice.split_at(#length_expr);
+                    let #slice_var: &[#elem_type] = unsafe { &*(#slice_var as *const [T] as *const [#elem_type]) };
+                    let #slice_var = ndarray::#ndarray_ident::from_shape( ( #(#dim_exprs),* ) , #slice_var).unwrap();
+                },
+                initializer: quote! {
+                    #slice_var
+                },
+            }
+        } else if is_columns_struct(&elem_type) {
+            panic!("Arrays of columns structs are currently not supported");
+        } else if is_generic_type(&elem_type, generic_type) {
+            let length_expr = quote! {
+                1 #(* #dim_exprs)*
+            };
+            FieldInfo {
+                ty: parse_quote! {
+                    #ndarray_type
+                },
+                length_expr: length_expr.clone(),
+                prepare_subslice: quote! {
+                    let (#slice_var, slice) = slice.split_at(#length_expr);
+                    let #slice_var = ndarray::#ndarray_ident::from_shape( ( #(#dim_exprs),* ) , #slice_var).unwrap();
+                },
+                initializer: quote! {
+                    #slice_var
+                },
+            }
+        } else {
+            panic!("Unsupported field type: {:?}", f.ty);
+        }
+    } else if derives_aligned_borrow {
+        // treat the field as a struct that derives AlignedBorrow (and doesn't depend on the config)
+        let f_ty = &f.ty;
+        FieldInfo {
+            ty: parse_quote! {
+                &'a #f_ty
+            },
+            length_expr: quote! {
+                <#f_ty>::width()
+            },
+            prepare_subslice: quote! {
+                let #length_var = <#f_ty>::width();
+                let (#slice_var, slice) = slice.split_at(#length_var);
+            },
+            initializer: quote! {
+                {
+                    use core::borrow::Borrow;
+                    #slice_var.borrow()
+                }
+            },
+        }
+    } else if is_columns_struct(&f.ty) {
+        let const_cols_ref_type = get_const_cols_ref_type(&f.ty, generic_type, parse_quote! { 'a });
+        FieldInfo {
+            ty: parse_quote! {
+                #const_cols_ref_type
+            },
+            length_expr: quote! {
+                <#const_cols_ref_type>::width::<C>()
+            },
+            prepare_subslice: quote! {
+                let #length_var = <#const_cols_ref_type>::width::<C>();
+                let (#slice_var, slice) = slice.split_at(#length_var);
+                let #slice_var = <#const_cols_ref_type>::from::<C>(#slice_var);
+            },
+            initializer: quote! {
+            #slice_var
+            },
+        }
+    } else if is_generic_type(&f.ty, generic_type) {
+        FieldInfo {
+            ty: parse_quote! {
+                &'a #generic_type
+            },
+            length_expr: quote! {
+                1
+            },
+            prepare_subslice: quote! {
+                let #length_var = 1;
+                let (#slice_var, slice) = slice.split_at(#length_var);
+            },
+            initializer: quote! {
+                &#slice_var[0]
+            },
+        }
+    } else {
+        panic!("Unsupported field type: {:?}", f.ty);
+    }
+}
+
+// Prepare the fields for the mut ColsRef struct
+fn get_mut_cols_ref_fields(
+    f: &syn::Field,
+    generic_type: &syn::TypeParam,
+    const_generics: &[&syn::Ident],
+) -> FieldInfo {
+    let length_var = format_ident!("{}_length", f.ident.clone().unwrap());
+    let slice_var = format_ident!("{}_slice", f.ident.clone().unwrap());
+
+    let derives_aligned_borrow = f
+        .attrs
+        .iter()
+        .any(|attr| attr.path().is_ident("aligned_borrow"));
+
+    let is_array = matches!(f.ty, syn::Type::Array(_));
+
+    if is_array {
+        let ArrayInfo { dims, elem_type } = get_array_info(&f.ty, const_generics);
+        debug_assert!(
+            !dims.is_empty(),
+            "Array field must have at least one dimension"
+        );
+
+        let ndarray_ident: syn::Ident = format_ident!("ArrayViewMut{}", dims.len());
+        let ndarray_type: syn::Type = parse_quote! {
+            ndarray::#ndarray_ident<'a, #elem_type>
+        };
+
+        // dimensions of the array in terms of number of cells
+        let dim_exprs = dims
+            .iter()
+            .map(|d| match d {
+                // need to prepend C:: for const generic array dimensions
+                Dimension::ConstGeneric(expr) => quote! { C::#expr },
+                Dimension::Other(expr) => quote! { #expr },
+            })
+            .collect_vec();
+
+        if derives_aligned_borrow {
+            let length_expr = quote! {
+                <#elem_type>::width() #(* #dim_exprs)*
+            };
+
+            FieldInfo {
+                ty: parse_quote! {
+                    #ndarray_type
+                },
+                length_expr: length_expr.clone(),
+                prepare_subslice: quote! {
+                    let (#slice_var, slice) = slice.split_at_mut (#length_expr);
+                    let #slice_var: &mut [#elem_type] = unsafe { &mut *(#slice_var as *mut [T] as *mut [#elem_type]) };
+                    let #slice_var = ndarray::#ndarray_ident::from_shape( ( #(#dim_exprs),* ) , #slice_var).unwrap();
+                },
+                initializer: quote! {
+                    #slice_var
+                },
+            }
+        } else if is_columns_struct(&elem_type) {
+            panic!("Arrays of columns structs are currently not supported");
+        } else if is_generic_type(&elem_type, generic_type) {
+            let length_expr = quote! {
+                1 #(* #dim_exprs)*
+            };
+            FieldInfo {
+                ty: parse_quote! {
+                    #ndarray_type
+                },
+                length_expr: length_expr.clone(),
+                prepare_subslice: quote! {
+                    let (#slice_var, slice) = slice.split_at_mut(#length_expr);
+                    let #slice_var = ndarray::#ndarray_ident::from_shape( ( #(#dim_exprs),* ) , #slice_var).unwrap();
+                },
+                initializer: quote! {
+                    #slice_var
+                },
+            }
+        } else {
+            panic!("Unsupported field type: {:?}", f.ty);
+        }
+    } else if derives_aligned_borrow {
+        // treat the field as a struct that derives AlignedBorrow (and doesn't depend on the config)
+        let f_ty = &f.ty;
+        FieldInfo {
+            ty: parse_quote! {
+                &'a mut #f_ty
+            },
+            length_expr: quote! {
+                <#f_ty>::width()
+            },
+            prepare_subslice: quote! {
+                let #length_var = <#f_ty>::width();
+                let (#slice_var, slice) = slice.split_at_mut(#length_var);
+            },
+            initializer: quote! {
+                {
+                    use core::borrow::BorrowMut;
+                    #slice_var.borrow_mut()
+                }
+            },
+        }
+    } else if is_columns_struct(&f.ty) {
+        let mut_cols_ref_type = get_mut_cols_ref_type(&f.ty, generic_type);
+        FieldInfo {
+            ty: parse_quote! {
+                #mut_cols_ref_type
+            },
+            length_expr: quote! {
+                <#mut_cols_ref_type>::width::<C>()
+            },
+            prepare_subslice: quote! {
+                let #length_var = <#mut_cols_ref_type>::width::<C>();
+                let (#slice_var, slice) = slice.split_at_mut(#length_var);
+                let #slice_var = <#mut_cols_ref_type>::from::<C>(#slice_var);
+            },
+            initializer: quote! {
+                #slice_var
+            },
+        }
+    } else if is_generic_type(&f.ty, generic_type) {
+        FieldInfo {
+            ty: parse_quote! {
+                &'a mut #generic_type
+            },
+            length_expr: quote! {
+                1
+            },
+            prepare_subslice: quote! {
+                let #length_var = 1;
+                let (#slice_var, slice) = slice.split_at_mut(#length_var);
+            },
+            initializer: quote! {
+                &mut #slice_var[0]
+            },
+        }
+    } else {
+        panic!("Unsupported field type: {:?}", f.ty);
+    }
+}
+
+// Helper functions
+
+fn is_columns_struct(ty: &syn::Type) -> bool {
+    if let syn::Type::Path(type_path) = ty {
+        type_path
+            .path
+            .segments
+            .iter()
+            .last()
+            .map(|s| s.ident.to_string().ends_with("Cols"))
+            .unwrap_or(false)
+    } else {
+        false
+    }
+}
+
+// If 'ty' is a struct that derives ColsRef, return the ColsRef struct type
+// Otherwise, return None
+fn get_const_cols_ref_type(
+    ty: &syn::Type,
+    generic_type: &syn::TypeParam,
+    lifetime: syn::Lifetime,
+) -> syn::TypePath {
+    if !is_columns_struct(ty) {
+        panic!("Expected a columns struct, got {:?}", ty);
+    }
+
+    if let syn::Type::Path(type_path) = ty {
+        let s = type_path.path.segments.iter().last().unwrap();
+        if s.ident.to_string().ends_with("Cols") {
+            let const_cols_ref_ident = format_ident!("{}Ref", s.ident);
+            let const_cols_ref_type = parse_quote! {
+                #const_cols_ref_ident<#lifetime, #generic_type>
+            };
+            const_cols_ref_type
+        } else {
+            panic!("is_columns_struct returned true for type {:?} but the last segment is not a columns struct", ty);
+        }
+    } else {
+        panic!(
+            "is_columns_struct returned true but the type {:?} is not a path",
+            ty
+        );
+    }
+}
+
+// If 'ty' is a struct that derives ColsRef, return the ColsRefMut struct type
+// Otherwise, return None
+fn get_mut_cols_ref_type(ty: &syn::Type, generic_type: &syn::TypeParam) -> syn::TypePath {
+    if !is_columns_struct(ty) {
+        panic!("Expected a columns struct, got {:?}", ty);
+    }
+
+    if let syn::Type::Path(type_path) = ty {
+        let s = type_path.path.segments.iter().last().unwrap();
+        if s.ident.to_string().ends_with("Cols") {
+            let mut_cols_ref_ident = format_ident!("{}RefMut", s.ident);
+            let mut_cols_ref_type = parse_quote! {
+                #mut_cols_ref_ident<'a, #generic_type>
+            };
+            mut_cols_ref_type
+        } else {
+            panic!("is_columns_struct returned true for type {:?} but the last segment is not a columns struct", ty);
+        }
+    } else {
+        panic!(
+            "is_columns_struct returned true but the type {:?} is not a path",
+            ty
+        );
+    }
+}
+
+fn is_generic_type(ty: &syn::Type, generic_type: &syn::TypeParam) -> bool {
+    if let syn::Type::Path(type_path) = ty {
+        if type_path.path.segments.len() == 1 {
+            type_path
+                .path
+                .segments
+                .iter()
+                .last()
+                .map(|s| s.ident == generic_type.ident)
+                .unwrap_or(false)
+        } else {
+            false
+        }
+    } else {
+        false
+    }
+}
+
+// Type of array dimension
+enum Dimension {
+    ConstGeneric(syn::Expr),
+    Other(syn::Expr),
+}
+
+// Describes a nested array
+struct ArrayInfo {
+    dims: Vec<Dimension>,
+    elem_type: syn::Type,
+}
+
+fn get_array_info(ty: &syn::Type, const_generics: &[&syn::Ident]) -> ArrayInfo {
+    let dims = get_dims(ty, const_generics);
+    let elem_type = get_elem_type(ty);
+    ArrayInfo { dims, elem_type }
+}
+
+fn get_elem_type(ty: &syn::Type) -> syn::Type {
+    match ty {
+        syn::Type::Array(array) => get_elem_type(array.elem.as_ref()),
+        syn::Type::Path(_) => ty.clone(),
+        _ => panic!("Unsupported type: {:?}", ty),
+    }
+}
+
+// Get a vector of the dimensions of the array
+// Each dimension is either a constant generic or a literal integer value
+fn get_dims(ty: &syn::Type, const_generics: &[&syn::Ident]) -> Vec<Dimension> {
+    get_dims_impl(ty, const_generics)
+        .into_iter()
+        .rev()
+        .collect()
+}
+
+fn get_dims_impl(ty: &syn::Type, const_generics: &[&syn::Ident]) -> Vec<Dimension> {
+    match ty {
+        syn::Type::Array(array) => {
+            let mut dims = get_dims_impl(array.elem.as_ref(), const_generics);
+            match &array.len {
+                syn::Expr::Path(syn::ExprPath { path, .. }) => {
+                    let len_ident = path.get_ident();
+                    if len_ident.is_some() && const_generics.contains(&len_ident.unwrap()) {
+                        dims.push(Dimension::ConstGeneric(array.len.clone()));
+                    } else {
+                        dims.push(Dimension::Other(array.len.clone()));
+                    }
+                }
+                syn::Expr::Lit(expr_lit) => dims.push(Dimension::Other(expr_lit.clone().into())),
+                _ => panic!("Unsupported array length type"),
+            }
+            dims
+        }
+        syn::Type::Path(_) => Vec::new(),
+        _ => panic!("Unsupported field type"),
+    }
+}
diff --git a/crates/circuits/primitives/derive/src/lib.rs b/crates/circuits/primitives/derive/src/lib.rs
index 1cece4e3fb..41b9a1a3bb 100644
--- a/crates/circuits/primitives/derive/src/lib.rs
+++ b/crates/circuits/primitives/derive/src/lib.rs
@@ -7,6 +7,9 @@ use proc_macro::TokenStream;
 use quote::quote;
 use syn::{parse_macro_input, Data, DeriveInput, Fields, GenericParam, LitStr, Meta};
 
+mod cols_ref;
+use cols_ref::cols_ref_impl;
+
 #[proc_macro_derive(AlignedBorrow)]
 pub fn aligned_borrow_derive(input: TokenStream) -> TokenStream {
     let ast = parse_macro_input!(input as DeriveInput);
@@ -398,3 +401,25 @@ pub fn bytes_stateful_derive(input: TokenStream) -> TokenStream {
         _ => unimplemented!(),
     }
 }
+
+#[proc_macro_derive(ColsRef, attributes(aligned_borrow, config))]
+pub fn cols_ref_derive(input: TokenStream) -> TokenStream {
+    let derive_input: DeriveInput = parse_macro_input!(input as DeriveInput);
+
+    let config = derive_input
+        .attrs
+        .iter()
+        .find(|attr| attr.path().is_ident("config"));
+    if config.is_none() {
+        return syn::Error::new(derive_input.ident.span(), "Config attribute is required")
+            .to_compile_error()
+            .into();
+    }
+    let config: proc_macro2::Ident = config
+        .unwrap()
+        .parse_args()
+        .expect("Failed to parse config");
+
+    let res = cols_ref_impl(derive_input, config);
+    res.into()
+}
diff --git a/crates/circuits/primitives/derive/tests/example.rs b/crates/circuits/primitives/derive/tests/example.rs
new file mode 100644
index 0000000000..58bac9e26c
--- /dev/null
+++ b/crates/circuits/primitives/derive/tests/example.rs
@@ -0,0 +1,87 @@
+use openvm_circuit_primitives_derive::ColsRef;
+
+pub trait ExampleConfig {
+    const N: usize;
+}
+pub struct ExampleConfigImplA;
+impl ExampleConfig for ExampleConfigImplA {
+    const N: usize = 5;
+}
+pub struct ExampleConfigImplB;
+impl ExampleConfig for ExampleConfigImplB {
+    const N: usize = 10;
+}
+
+#[allow(dead_code)]
+#[derive(ColsRef)]
+#[config(ExampleConfig)]
+struct ExampleCols<T, const N: usize> {
+    arr: [T; N],
+    sum: T,
+}
+
+#[test]
+fn example() {
+    let input = [1, 2, 3, 4, 5, 15];
+    let test: ExampleColsRef<u32> = ExampleColsRef::from::<ExampleConfigImplA>(&input);
+    println!("{}, {}", test.arr, test.sum);
+}
+
+/*
+ * For reference, this is what the ColsRef macro expands to.
+ * The `cargo expand` tool is helpful for understanding how the ColsRef macro works.
+ * See https://github.com/dtolnay/cargo-expand
+
+#[derive(Debug, Clone)]
+struct ExampleColsRef<'a, T> {
+    pub arr: ndarray::ArrayView1<'a, T>,
+    pub sum: &'a T,
+}
+
+impl<'a, T> ExampleColsRef<'a, T> {
+    pub fn from<C: ExampleConfig>(slice: &'a [T]) -> Self {
+        let (arr_slice, slice) = slice.split_at(1 * C::N);
+        let arr_slice = ndarray::ArrayView1::from_shape((C::N), arr_slice).unwrap();
+        let sum_length = 1;
+        let (sum_slice, slice) = slice.split_at(sum_length);
+        Self {
+            arr: arr_slice,
+            sum: &sum_slice[0],
+        }
+    }
+    pub const fn width<C: ExampleConfig>() -> usize {
+        0 + 1 * C::N + 1
+    }
+}
+
+impl<'b, T> ExampleColsRef<'b, T> {
+    pub fn from_mut<'a, C: ExampleConfig>(other: &'b ExampleColsRefMut<'a, T>) -> Self {
+        Self {
+            arr: other.arr.view(),
+            sum: &other.sum,
+        }
+    }
+}
+
+#[derive(Debug)]
+struct ExampleColsRefMut<'a, T> {
+    pub arr: ndarray::ArrayViewMut1<'a, T>,
+    pub sum: &'a mut T,
+}
+
+impl<'a, T> ExampleColsRefMut<'a, T> {
+    pub fn from<C: ExampleConfig>(slice: &'a mut [T]) -> Self {
+        let (arr_slice, slice) = slice.split_at_mut(1 * C::N);
+        let arr_slice = ndarray::ArrayViewMut1::from_shape((C::N), arr_slice).unwrap();
+        let sum_length = 1;
+        let (sum_slice, slice) = slice.split_at_mut(sum_length);
+        Self {
+            arr: arr_slice,
+            sum: &mut sum_slice[0],
+        }
+    }
+    pub const fn width<C: ExampleConfig>() -> usize {
+        0 + 1 * C::N + 1
+    }
+}
+*/
diff --git a/crates/circuits/primitives/derive/tests/test_cols_ref.rs b/crates/circuits/primitives/derive/tests/test_cols_ref.rs
new file mode 100644
index 0000000000..6bad0c4f9f
--- /dev/null
+++ b/crates/circuits/primitives/derive/tests/test_cols_ref.rs
@@ -0,0 +1,299 @@
+use openvm_circuit_primitives_derive::{AlignedBorrow, ColsRef};
+
+pub trait TestConfig {
+    const N: usize;
+    const M: usize;
+}
+pub struct TestConfigImpl;
+impl TestConfig for TestConfigImpl {
+    const N: usize = 5;
+    const M: usize = 2;
+}
+
+#[allow(dead_code)] // TestCols isn't actually used in the code. silence clippy warning
+#[derive(ColsRef)]
+#[config(TestConfig)]
+struct TestCols<T, const N: usize, const M: usize> {
+    single_field_element: T,
+    array_of_t: [T; N],
+    nested_array_of_t: [[T; N]; N],
+    cols_struct: TestSubCols<T, M>,
+    #[aligned_borrow]
+    array_of_aligned_borrow: [TestAlignedBorrow<T>; N],
+    #[aligned_borrow]
+    nested_array_of_aligned_borrow: [[TestAlignedBorrow<T>; N]; N],
+}
+
+#[allow(dead_code)] // TestSubCols isn't actually used in the code. silence clippy warning
+#[derive(ColsRef, Debug)]
+#[config(TestConfig)]
+struct TestSubCols<T, const M: usize> {
+    // TestSubCols can have fields of any type that TestCols can have
+    a: T,
+    b: [T; M],
+    #[aligned_borrow]
+    c: TestAlignedBorrow<T>,
+}
+
+#[derive(AlignedBorrow, Debug)]
+struct TestAlignedBorrow<T> {
+    a: T,
+    b: [T; 5],
+}
+
+#[test]
+fn test_cols_ref() {
+    assert_eq!(
+        TestColsRef::<i32>::width::<TestConfigImpl>(),
+        TestColsRefMut::<i32>::width::<TestConfigImpl>()
+    );
+    const WIDTH: usize = TestColsRef::<i32>::width::<TestConfigImpl>();
+    let mut input = vec![0; WIDTH];
+    let mut cols: TestColsRefMut<i32> = TestColsRefMut::from::<TestConfigImpl>(&mut input);
+
+    *cols.single_field_element = 1;
+    cols.array_of_t[0] = 2;
+    cols.nested_array_of_t[[0, 0]] = 3;
+    *cols.cols_struct.a = 4;
+    cols.cols_struct.b[0] = 5;
+    cols.cols_struct.c.a = 6;
+    cols.cols_struct.c.b[0] = 7;
+    cols.array_of_aligned_borrow[0].a = 8;
+    cols.array_of_aligned_borrow[0].b[0] = 9;
+    cols.nested_array_of_aligned_borrow[[0, 0]].a = 10;
+    cols.nested_array_of_aligned_borrow[[0, 0]].b[0] = 11;
+
+    let cols: TestColsRef<i32> = TestColsRef::from::<TestConfigImpl>(&input);
+    println!("{:?}", cols);
+    assert_eq!(*cols.single_field_element, 1);
+    assert_eq!(cols.array_of_t[0], 2);
+    assert_eq!(cols.nested_array_of_t[[0, 0]], 3);
+    assert_eq!(*cols.cols_struct.a, 4);
+    assert_eq!(cols.cols_struct.b[0], 5);
+    assert_eq!(cols.cols_struct.c.a, 6);
+    assert_eq!(cols.cols_struct.c.b[0], 7);
+    assert_eq!(cols.array_of_aligned_borrow[0].a, 8);
+    assert_eq!(cols.array_of_aligned_borrow[0].b[0], 9);
+    assert_eq!(cols.nested_array_of_aligned_borrow[[0, 0]].a, 10);
+    assert_eq!(cols.nested_array_of_aligned_borrow[[0, 0]].b[0], 11);
+}
+
+/*
+ * For reference, this is what the ColsRef macro expands to.
+ * The `cargo expand` tool is helpful for understanding how the ColsRef macro works.
+ * See https://github.com/dtolnay/cargo-expand
+
+#[derive(Debug, Clone)]
+struct TestColsRef<'a, T> {
+    pub single_field_element: &'a T,
+    pub array_of_t: ndarray::ArrayView1<'a, T>,
+    pub nested_array_of_t: ndarray::ArrayView2<'a, T>,
+    pub cols_struct: TestSubColsRef<'a, T>,
+    pub array_of_aligned_borrow: ndarray::ArrayView1<'a, TestAlignedBorrow<T>>,
+    pub nested_array_of_aligned_borrow: ndarray::ArrayView2<'a, TestAlignedBorrow<T>>,
+}
+
+impl<'a, T> TestColsRef<'a, T> {
+    pub fn from<C: TestConfig>(slice: &'a [T]) -> Self {
+        let single_field_element_length = 1;
+        let (single_field_element_slice, slice) = slice
+            .split_at(single_field_element_length);
+        let (array_of_t_slice, slice) = slice.split_at(1 * C::N);
+        let array_of_t_slice = ndarray::ArrayView1::from_shape((C::N), array_of_t_slice)
+            .unwrap();
+        let (nested_array_of_t_slice, slice) = slice.split_at(1 * C::N * C::N);
+        let nested_array_of_t_slice = ndarray::ArrayView2::from_shape(
+                (C::N, C::N),
+                nested_array_of_t_slice,
+            )
+            .unwrap();
+        let cols_struct_length = <TestSubColsRef<'a, T>>::width::<C>();
+        let (cols_struct_slice, slice) = slice.split_at(cols_struct_length);
+        let cols_struct_slice = <TestSubColsRef<'a, T>>::from::<C>(cols_struct_slice);
+        let (array_of_aligned_borrow_slice, slice) = slice
+            .split_at(<TestAlignedBorrow<T>>::width() * C::N);
+        let array_of_aligned_borrow_slice: &[TestAlignedBorrow<T>] = unsafe {
+            &*(array_of_aligned_borrow_slice as *const [T]
+                as *const [TestAlignedBorrow<T>])
+        };
+        let array_of_aligned_borrow_slice = ndarray::ArrayView1::from_shape(
+                (C::N),
+                array_of_aligned_borrow_slice,
+            )
+            .unwrap();
+        let (nested_array_of_aligned_borrow_slice, slice) = slice
+            .split_at(<TestAlignedBorrow<T>>::width() * C::N * C::N);
+        let nested_array_of_aligned_borrow_slice: &[TestAlignedBorrow<T>] = unsafe {
+            &*(nested_array_of_aligned_borrow_slice as *const [T]
+                as *const [TestAlignedBorrow<T>])
+        };
+        let nested_array_of_aligned_borrow_slice = ndarray::ArrayView2::from_shape(
+                (C::N, C::N),
+                nested_array_of_aligned_borrow_slice,
+            )
+            .unwrap();
+        Self {
+            single_field_element: &single_field_element_slice[0],
+            array_of_t: array_of_t_slice,
+            nested_array_of_t: nested_array_of_t_slice,
+            cols_struct: cols_struct_slice,
+            array_of_aligned_borrow: array_of_aligned_borrow_slice,
+            nested_array_of_aligned_borrow: nested_array_of_aligned_borrow_slice,
+        }
+    }
+    pub const fn width<C: TestConfig>() -> usize {
+        0 + 1 + 1 * C::N + 1 * C::N * C::N + <TestSubColsRef<'a, T>>::width::<C>()
+            + <TestAlignedBorrow<T>>::width() * C::N
+            + <TestAlignedBorrow<T>>::width() * C::N * C::N
+    }
+}
+
+impl<'b, T> TestColsRef<'b, T> {
+    pub fn from_mut<'a, C: TestConfig>(other: &'b TestColsRefMut<'a, T>) -> Self {
+        Self {
+            single_field_element: &other.single_field_element,
+            array_of_t: other.array_of_t.view(),
+            nested_array_of_t: other.nested_array_of_t.view(),
+            cols_struct: <TestSubColsRef<'b, T>>::from_mut::<C>(&other.cols_struct),
+            array_of_aligned_borrow: other.array_of_aligned_borrow.view(),
+            nested_array_of_aligned_borrow: other.nested_array_of_aligned_borrow.view(),
+        }
+    }
+}
+
+#[derive(Debug)]
+struct TestColsRefMut<'a, T> {
+    pub single_field_element: &'a mut T,
+    pub array_of_t: ndarray::ArrayViewMut1<'a, T>,
+    pub nested_array_of_t: ndarray::ArrayViewMut2<'a, T>,
+    pub cols_struct: TestSubColsRefMut<'a, T>,
+    pub array_of_aligned_borrow: ndarray::ArrayViewMut1<'a, TestAlignedBorrow<T>>,
+    pub nested_array_of_aligned_borrow: ndarray::ArrayViewMut2<'a, TestAlignedBorrow<T>>,
+}
+
+impl<'a, T> TestColsRefMut<'a, T> {
+    pub fn from<C: TestConfig>(slice: &'a mut [T]) -> Self {
+        let single_field_element_length = 1;
+        let (single_field_element_slice, slice) = slice
+            .split_at_mut(single_field_element_length);
+        let (array_of_t_slice, slice) = slice.split_at_mut(1 * C::N);
+        let array_of_t_slice = ndarray::ArrayViewMut1::from_shape(
+                (C::N),
+                array_of_t_slice,
+            )
+            .unwrap();
+        let (nested_array_of_t_slice, slice) = slice.split_at_mut(1 * C::N * C::N);
+        let nested_array_of_t_slice = ndarray::ArrayViewMut2::from_shape(
+                (C::N, C::N),
+                nested_array_of_t_slice,
+            )
+            .unwrap();
+        let cols_struct_length = <TestSubColsRefMut<'a, T>>::width::<C>();
+        let (cols_struct_slice, slice) = slice.split_at_mut(cols_struct_length);
+        let cols_struct_slice = <TestSubColsRefMut<'a, T>>::from::<C>(cols_struct_slice);
+        let (array_of_aligned_borrow_slice, slice) = slice
+            .split_at_mut(<TestAlignedBorrow<T>>::width() * C::N);
+        let array_of_aligned_borrow_slice: &mut [TestAlignedBorrow<T>] = unsafe {
+            &mut *(array_of_aligned_borrow_slice as *mut [T]
+                as *mut [TestAlignedBorrow<T>])
+        };
+        let array_of_aligned_borrow_slice = ndarray::ArrayViewMut1::from_shape(
+                (C::N),
+                array_of_aligned_borrow_slice,
+            )
+            .unwrap();
+        let (nested_array_of_aligned_borrow_slice, slice) = slice
+            .split_at_mut(<TestAlignedBorrow<T>>::width() * C::N * C::N);
+        let nested_array_of_aligned_borrow_slice: &mut [TestAlignedBorrow<T>] = unsafe {
+            &mut *(nested_array_of_aligned_borrow_slice as *mut [T]
+                as *mut [TestAlignedBorrow<T>])
+        };
+        let nested_array_of_aligned_borrow_slice = ndarray::ArrayViewMut2::from_shape(
+                (C::N, C::N),
+                nested_array_of_aligned_borrow_slice,
+            )
+            .unwrap();
+        Self {
+            single_field_element: &mut single_field_element_slice[0],
+            array_of_t: array_of_t_slice,
+            nested_array_of_t: nested_array_of_t_slice,
+            cols_struct: cols_struct_slice,
+            array_of_aligned_borrow: array_of_aligned_borrow_slice,
+            nested_array_of_aligned_borrow: nested_array_of_aligned_borrow_slice,
+        }
+    }
+    pub const fn width<C: TestConfig>() -> usize {
+        0 + 1 + 1 * C::N + 1 * C::N * C::N + <TestSubColsRefMut<'a, T>>::width::<C>()
+            + <TestAlignedBorrow<T>>::width() * C::N
+            + <TestAlignedBorrow<T>>::width() * C::N * C::N
+    }
+}
+
+#[derive(Debug, Clone)]
+struct TestSubColsRef<'a, T> {
+    pub a: &'a T,
+    pub b: ndarray::ArrayView1<'a, T>,
+    pub c: &'a TestAlignedBorrow<T>,
+}
+
+impl<'a, T> TestSubColsRef<'a, T> {
+    pub fn from<C: TestConfig>(slice: &'a [T]) -> Self {
+        let a_length = 1;
+        let (a_slice, slice) = slice.split_at(a_length);
+        let (b_slice, slice) = slice.split_at(1 * C::M);
+        let b_slice = ndarray::ArrayView1::from_shape((C::M), b_slice).unwrap();
+        let c_length = <TestAlignedBorrow<T>>::width();
+        let (c_slice, slice) = slice.split_at(c_length);
+        Self {
+            a: &a_slice[0],
+            b: b_slice,
+            c: {
+                use core::borrow::Borrow;
+                c_slice.borrow()
+            },
+        }
+    }
+    pub const fn width<C: TestConfig>() -> usize {
+        0 + 1 + 1 * C::M + <TestAlignedBorrow<T>>::width()
+    }
+}
+
+impl<'b, T> TestSubColsRef<'b, T> {
+    pub fn from_mut<'a, C: TestConfig>(other: &'b TestSubColsRefMut<'a, T>) -> Self {
+        Self {
+            a: &other.a,
+            b: other.b.view(),
+            c: other.c,
+        }
+    }
+}
+
+#[derive(Debug)]
+struct TestSubColsRefMut<'a, T> {
+    pub a: &'a mut T,
+    pub b: ndarray::ArrayViewMut1<'a, T>,
+    pub c: &'a mut TestAlignedBorrow<T>,
+}
+
+impl<'a, T> TestSubColsRefMut<'a, T> {
+    pub fn from<C: TestConfig>(slice: &'a mut [T]) -> Self {
+        let a_length = 1;
+        let (a_slice, slice) = slice.split_at_mut(a_length);
+        let (b_slice, slice) = slice.split_at_mut(1 * C::M);
+        let b_slice = ndarray::ArrayViewMut1::from_shape((C::M), b_slice).unwrap();
+        let c_length = <TestAlignedBorrow<T>>::width();
+        let (c_slice, slice) = slice.split_at_mut(c_length);
+        Self {
+            a: &mut a_slice[0],
+            b: b_slice,
+            c: {
+                use core::borrow::BorrowMut;
+                c_slice.borrow_mut()
+            },
+        }
+    }
+    pub const fn width<C: TestConfig>() -> usize {
+        0 + 1 + 1 * C::M + <TestAlignedBorrow<T>>::width()
+    }
+}
+*/
diff --git a/crates/circuits/sha256-air/Cargo.toml b/crates/circuits/sha2-air/Cargo.toml
similarity index 81%
rename from crates/circuits/sha256-air/Cargo.toml
rename to crates/circuits/sha2-air/Cargo.toml
index c376a1ffdd..65d1cb5814 100644
--- a/crates/circuits/sha256-air/Cargo.toml
+++ b/crates/circuits/sha2-air/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "openvm-sha256-air"
+name = "openvm-sha2-air"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true
@@ -7,8 +7,10 @@ edition.workspace = true
 [dependencies]
 openvm-circuit-primitives = { workspace = true }
 openvm-stark-backend = { workspace = true }
+openvm-circuit-primitives-derive = { workspace = true }
 sha2 = { version = "0.10", features = ["compress"] }
 rand.workspace = true
+ndarray.workspace = true
 
 [dev-dependencies]
 openvm-stark-sdk = { workspace = true }
diff --git a/crates/circuits/sha2-air/src/air.rs b/crates/circuits/sha2-air/src/air.rs
new file mode 100644
index 0000000000..abe1feaff1
--- /dev/null
+++ b/crates/circuits/sha2-air/src/air.rs
@@ -0,0 +1,676 @@
+use std::{cmp::max, iter::once, marker::PhantomData};
+
+use ndarray::s;
+use openvm_circuit_primitives::{
+    bitwise_op_lookup::BitwiseOperationLookupBus,
+    encoder::Encoder,
+    utils::{not, select},
+    SubAir,
+};
+use openvm_stark_backend::{
+    interaction::{BusIndex, InteractionBuilder, PermutationCheckBus},
+    p3_air::{AirBuilder, BaseAir},
+    p3_field::{Field, FieldAlgebra},
+    p3_matrix::Matrix,
+};
+
+use super::{
+    big_sig0_field, big_sig1_field, ch_field, compose, maj_field, small_sig0_field,
+    small_sig1_field,
+};
+use crate::{
+    constraint_word_addition, word_into_u16_limbs, Sha2Config, ShaDigestColsRef, ShaRoundColsRef,
+};
+
+/// Expects the message to be padded to a multiple of C::BLOCK_WORDS * C::WORD_BITS bits
+#[derive(Clone, Debug)]
+pub struct Sha2Air<C: Sha2Config> {
+    pub bitwise_lookup_bus: BitwiseOperationLookupBus,
+    pub row_idx_encoder: Encoder,
+    /// Internal bus for self-interactions in this AIR.
+    bus: PermutationCheckBus,
+    _phantom: PhantomData<C>,
+}
+
+impl<C: Sha2Config> Sha2Air<C> {
+    pub fn new(bitwise_lookup_bus: BitwiseOperationLookupBus, self_bus_idx: BusIndex) -> Self {
+        Self {
+            bitwise_lookup_bus,
+            row_idx_encoder: Encoder::new(C::ROWS_PER_BLOCK + 1, 2, false), // + 1 for dummy (padding) rows
+            bus: PermutationCheckBus::new(self_bus_idx),
+            _phantom: PhantomData,
+        }
+    }
+}
+
+impl<F, C: Sha2Config> BaseAir<F> for Sha2Air<C> {
+    fn width(&self) -> usize {
+        max(C::ROUND_WIDTH, C::DIGEST_WIDTH)
+    }
+}
+
+impl<AB: InteractionBuilder, C: Sha2Config> SubAir<AB> for Sha2Air<C> {
+    /// The start column for the sub-air to use
+    type AirContext<'a>
+        = usize
+    where
+        Self: 'a,
+        AB: 'a,
+        <AB as AirBuilder>::Var: 'a,
+        <AB as AirBuilder>::Expr: 'a;
+
+    fn eval<'a>(&'a self, builder: &'a mut AB, start_col: Self::AirContext<'a>)
+    where
+        <AB as AirBuilder>::Var: 'a,
+        <AB as AirBuilder>::Expr: 'a,
+    {
+        self.eval_row(builder, start_col);
+        self.eval_transitions(builder, start_col);
+    }
+}
+
+impl<C: Sha2Config> Sha2Air<C> {
+    /// Implements the single row constraints (i.e. imposes constraints only on local)
+    /// Implements some sanity constraints on the row index, flags, and work variables
+    fn eval_row<AB: InteractionBuilder>(&self, builder: &mut AB, start_col: usize) {
+        let main = builder.main();
+        let local = main.row_slice(0);
+
+        // Doesn't matter which column struct we use here as we are only interested in the common columns
+        let local_cols: ShaDigestColsRef<AB::Var> =
+            ShaDigestColsRef::from::<C>(&local[start_col..start_col + C::DIGEST_WIDTH]);
+        let flags = &local_cols.flags;
+        builder.assert_bool(*flags.is_round_row);
+        builder.assert_bool(*flags.is_first_4_rows);
+        builder.assert_bool(*flags.is_digest_row);
+        builder.assert_bool(*flags.is_round_row + *flags.is_digest_row);
+        builder.assert_bool(*flags.is_last_block);
+
+        self.row_idx_encoder
+            .eval(builder, local_cols.flags.row_idx.to_slice().unwrap());
+        builder.assert_one(self.row_idx_encoder.contains_flag_range::<AB>(
+            local_cols.flags.row_idx.to_slice().unwrap(),
+            0..=C::ROWS_PER_BLOCK,
+        ));
+        builder.assert_eq(
+            self.row_idx_encoder
+                .contains_flag_range::<AB>(local_cols.flags.row_idx.to_slice().unwrap(), 0..=3),
+            *flags.is_first_4_rows,
+        );
+        builder.assert_eq(
+            self.row_idx_encoder.contains_flag_range::<AB>(
+                local_cols.flags.row_idx.to_slice().unwrap(),
+                0..=C::ROUND_ROWS - 1,
+            ),
+            *flags.is_round_row,
+        );
+        builder.assert_eq(
+            self.row_idx_encoder.contains_flag::<AB>(
+                local_cols.flags.row_idx.to_slice().unwrap(),
+                &[C::ROUND_ROWS],
+            ),
+            *flags.is_digest_row,
+        );
+        // If padding row we want the row_idx to be C::ROWS_PER_BLOCK
+        builder.assert_eq(
+            self.row_idx_encoder.contains_flag::<AB>(
+                local_cols.flags.row_idx.to_slice().unwrap(),
+                &[C::ROWS_PER_BLOCK],
+            ),
+            flags.is_padding_row(),
+        );
+
+        // Constrain a, e, being composed of bits: we make sure a and e are always in the same place in the trace matrix
+        // Note: this has to be true for every row, even padding rows
+        for i in 0..C::ROUNDS_PER_ROW {
+            for j in 0..C::WORD_BITS {
+                builder.assert_bool(local_cols.hash.a[[i, j]]);
+                builder.assert_bool(local_cols.hash.e[[i, j]]);
+            }
+        }
+    }
+
+    /// Implements constraints for a digest row that ensure proper state transitions between blocks
+    /// This validates that:
+    /// The work variables are correctly initialized for the next message block
+    /// For the last message block, the initial state matches SHA_H constants
+    fn eval_digest_row<AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: ShaRoundColsRef<AB::Var>,
+        next: ShaDigestColsRef<AB::Var>,
+    ) {
+        // Check that if this is the last row of a message or an inpadding row, the hash should be the [SHA_H]
+        for i in 0..C::ROUNDS_PER_ROW {
+            let a = next.hash.a.row(i).mapv(|x| x.into()).to_vec();
+            let e = next.hash.e.row(i).mapv(|x| x.into()).to_vec();
+
+            for j in 0..C::WORD_U16S {
+                let a_limb = compose::<AB::Expr>(&a[j * 16..(j + 1) * 16], 1);
+                let e_limb = compose::<AB::Expr>(&e[j * 16..(j + 1) * 16], 1);
+
+                // If it is a padding row or the last row of a message, the `hash` should be the [SHA_H]
+                builder
+                    .when(
+                        next.flags.is_padding_row()
+                            + *next.flags.is_last_block * *next.flags.is_digest_row,
+                    )
+                    .assert_eq(
+                        a_limb,
+                        AB::Expr::from_canonical_u32(
+                            word_into_u16_limbs::<C>(C::get_h()[C::ROUNDS_PER_ROW - i - 1])[j],
+                        ),
+                    );
+
+                builder
+                    .when(
+                        next.flags.is_padding_row()
+                            + *next.flags.is_last_block * *next.flags.is_digest_row,
+                    )
+                    .assert_eq(
+                        e_limb,
+                        AB::Expr::from_canonical_u32(
+                            word_into_u16_limbs::<C>(C::get_h()[C::ROUNDS_PER_ROW - i + 3])[j],
+                        ),
+                    );
+            }
+        }
+
+        // Check if last row of a non-last block, the `hash` should be equal to the final hash of the current block
+        for i in 0..C::ROUNDS_PER_ROW {
+            let prev_a = next.hash.a.row(i).mapv(|x| x.into()).to_vec();
+            let prev_e = next.hash.e.row(i).mapv(|x| x.into()).to_vec();
+            let cur_a = next
+                .final_hash
+                .row(C::ROUNDS_PER_ROW - i - 1)
+                .mapv(|x| x.into());
+
+            let cur_e = next
+                .final_hash
+                .row(C::ROUNDS_PER_ROW - i + 3)
+                .mapv(|x| x.into());
+            for j in 0..C::WORD_U8S {
+                let prev_a_limb = compose::<AB::Expr>(&prev_a[j * 8..(j + 1) * 8], 1);
+                let prev_e_limb = compose::<AB::Expr>(&prev_e[j * 8..(j + 1) * 8], 1);
+
+                builder
+                    .when(not(*next.flags.is_last_block) * *next.flags.is_digest_row)
+                    .assert_eq(prev_a_limb, cur_a[j].clone());
+
+                builder
+                    .when(not(*next.flags.is_last_block) * *next.flags.is_digest_row)
+                    .assert_eq(prev_e_limb, cur_e[j].clone());
+            }
+        }
+
+        // Assert that the previous hash + work vars == final hash.
+        // That is, `next.prev_hash[i] + local.work_vars[i] == next.final_hash[i]`
+        // where addition is done modulo 2^32
+        for i in 0..C::HASH_WORDS {
+            let mut carry = AB::Expr::ZERO;
+            for j in 0..C::WORD_U16S {
+                let work_var_limb = if i < C::ROUNDS_PER_ROW {
+                    compose::<AB::Expr>(
+                        local
+                            .work_vars
+                            .a
+                            .slice(s![C::ROUNDS_PER_ROW - 1 - i, j * 16..(j + 1) * 16])
+                            .as_slice()
+                            .unwrap(),
+                        1,
+                    )
+                } else {
+                    compose::<AB::Expr>(
+                        local
+                            .work_vars
+                            .e
+                            .slice(s![C::ROUNDS_PER_ROW + 3 - i, j * 16..(j + 1) * 16])
+                            .as_slice()
+                            .unwrap(),
+                        1,
+                    )
+                };
+                let final_hash_limb = compose::<AB::Expr>(
+                    next.final_hash
+                        .slice(s![i, j * 2..(j + 1) * 2])
+                        .as_slice()
+                        .unwrap(),
+                    8,
+                );
+
+                carry = AB::Expr::from(AB::F::from_canonical_u32(1 << 16).inverse())
+                    * (next.prev_hash[[i, j]] + work_var_limb + carry - final_hash_limb);
+                builder
+                    .when(*next.flags.is_digest_row)
+                    .assert_bool(carry.clone());
+            }
+            // constrain the final hash limbs two at a time since we can do two checks per interaction
+            for chunk in next.final_hash.row(i).as_slice().unwrap().chunks(2) {
+                self.bitwise_lookup_bus
+                    .send_range(chunk[0], chunk[1])
+                    .eval(builder, *next.flags.is_digest_row);
+            }
+        }
+    }
+
+    fn eval_transitions<AB: InteractionBuilder>(&self, builder: &mut AB, start_col: usize) {
+        let main = builder.main();
+        let local = main.row_slice(0);
+        let next = main.row_slice(1);
+
+        // Doesn't matter what column structs we use here
+        let local_cols: ShaRoundColsRef<AB::Var> =
+            ShaRoundColsRef::from::<C>(&local[start_col..start_col + C::ROUND_WIDTH]);
+        let next_cols: ShaRoundColsRef<AB::Var> =
+            ShaRoundColsRef::from::<C>(&next[start_col..start_col + C::ROUND_WIDTH]);
+
+        let local_is_padding_row = local_cols.flags.is_padding_row();
+        // Note that there will always be a padding row in the trace since the unpadded height is a multiple of 17.
+        // So the next row is padding iff the current block is the last block in the trace.
+        let next_is_padding_row = next_cols.flags.is_padding_row();
+
+        // We check that the very last block has `is_last_block` set to true, which guarantees that
+        // there is at least one complete message. If other digest rows have `is_last_block` set to true,
+        // then the trace will be interpreted as containing multiple messages.
+        builder
+            .when(next_is_padding_row.clone())
+            .when(*next_cols.flags.is_digest_row)
+            .assert_one(*next_cols.flags.is_last_block);
+        // If we are in a round row, the next row cannot be a padding row
+        builder
+            .when(*local_cols.flags.is_round_row)
+            .assert_zero(next_is_padding_row.clone());
+        // The first row must be a round row
+        builder
+            .when_first_row()
+            .assert_one(*local_cols.flags.is_round_row);
+        // If we are in a padding row, the next row must also be a padding row
+        builder
+            .when_transition()
+            .when(local_is_padding_row.clone())
+            .assert_one(next_is_padding_row.clone());
+        // If we are in a digest row, the next row cannot be a digest row
+        builder
+            .when(*local_cols.flags.is_digest_row)
+            .assert_zero(*next_cols.flags.is_digest_row);
+        // Constrain how much the row index changes by
+        // round->round: 1
+        // round->digest: 1
+        // digest->round: -C::ROUND_ROWS
+        // digest->padding: 1
+        // padding->padding: 0
+        // Other transitions are not allowed by the above constraints
+        let delta = *local_cols.flags.is_round_row * AB::Expr::ONE
+            + *local_cols.flags.is_digest_row
+                * *next_cols.flags.is_round_row
+                * AB::Expr::from_canonical_usize(C::ROUND_ROWS)
+                * AB::Expr::NEG_ONE
+            + *local_cols.flags.is_digest_row * next_is_padding_row.clone() * AB::Expr::ONE;
+
+        let local_row_idx = self.row_idx_encoder.flag_with_val::<AB>(
+            local_cols.flags.row_idx.to_slice().unwrap(),
+            &(0..=C::ROWS_PER_BLOCK).map(|i| (i, i)).collect::<Vec<_>>(),
+        );
+        let next_row_idx = self.row_idx_encoder.flag_with_val::<AB>(
+            next_cols.flags.row_idx.to_slice().unwrap(),
+            &(0..=C::ROWS_PER_BLOCK).map(|i| (i, i)).collect::<Vec<_>>(),
+        );
+
+        builder
+            .when_transition()
+            .assert_eq(local_row_idx.clone() + delta, next_row_idx.clone());
+        builder.when_first_row().assert_zero(local_row_idx);
+
+        // Constrain the global block index
+        // We set the global block index to 0 for padding rows
+        // Starting with 1 so it is not the same as the padding rows
+
+        // Global block index is 1 on first row
+        builder
+            .when_first_row()
+            .assert_one(*local_cols.flags.global_block_idx);
+
+        // Global block index is constant on all rows in a block
+        builder.when(*local_cols.flags.is_round_row).assert_eq(
+            *local_cols.flags.global_block_idx,
+            *next_cols.flags.global_block_idx,
+        );
+        // Global block index increases by 1 between blocks
+        builder
+            .when_transition()
+            .when(*local_cols.flags.is_digest_row)
+            .when(*next_cols.flags.is_round_row)
+            .assert_eq(
+                *local_cols.flags.global_block_idx + AB::Expr::ONE,
+                *next_cols.flags.global_block_idx,
+            );
+        // Global block index is 0 on padding rows
+        builder
+            .when(local_is_padding_row.clone())
+            .assert_zero(*local_cols.flags.global_block_idx);
+
+        // Constrain the local block index
+        // We set the local block index to 0 for padding rows
+
+        // Local block index is constant on all rows in a block
+        // and its value on padding rows is equal to its value on the first block
+        builder
+            .when(not(*local_cols.flags.is_digest_row))
+            .assert_eq(
+                *local_cols.flags.local_block_idx,
+                *next_cols.flags.local_block_idx,
+            );
+        // Local block index increases by 1 between blocks in the same message
+        builder
+            .when(*local_cols.flags.is_digest_row)
+            .when(not(*local_cols.flags.is_last_block))
+            .assert_eq(
+                *local_cols.flags.local_block_idx + AB::Expr::ONE,
+                *next_cols.flags.local_block_idx,
+            );
+        // Local block index is 0 on padding rows
+        // Combined with the above, this means that the local block index is 0 in the first block
+        builder
+            .when(*local_cols.flags.is_digest_row)
+            .when(*local_cols.flags.is_last_block)
+            .assert_zero(*next_cols.flags.local_block_idx);
+
+        self.eval_message_schedule(builder, local_cols.clone(), next_cols.clone());
+        self.eval_work_vars(builder, local_cols.clone(), next_cols);
+        let next_cols: ShaDigestColsRef<AB::Var> =
+            ShaDigestColsRef::from::<C>(&next[start_col..start_col + C::DIGEST_WIDTH]);
+        self.eval_digest_row(builder, local_cols, next_cols);
+        let local_cols: ShaDigestColsRef<AB::Var> =
+            ShaDigestColsRef::from::<C>(&local[start_col..start_col + C::DIGEST_WIDTH]);
+        self.eval_prev_hash(builder, local_cols, next_is_padding_row);
+    }
+
+    /// Constrains that the next block's `prev_hash` is equal to the current block's `hash`
+    /// Note: the constraining is done by interactions with the chip itself on every digest row
+    fn eval_prev_hash<AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: ShaDigestColsRef<AB::Var>,
+        is_last_block_of_trace: AB::Expr, // note this indicates the last block of the trace, not the last block of the message
+    ) {
+        // Constrain that next block's `prev_hash` is equal to the current block's `hash`
+        let composed_hash = (0..C::HASH_WORDS)
+            .map(|i| {
+                let hash_bits = if i < C::ROUNDS_PER_ROW {
+                    local
+                        .hash
+                        .a
+                        .row(C::ROUNDS_PER_ROW - 1 - i)
+                        .mapv(|x| x.into())
+                        .to_vec()
+                } else {
+                    local
+                        .hash
+                        .e
+                        .row(C::ROUNDS_PER_ROW + 3 - i)
+                        .mapv(|x| x.into())
+                        .to_vec()
+                };
+                (0..C::WORD_U16S)
+                    .map(|j| compose::<AB::Expr>(&hash_bits[j * 16..(j + 1) * 16], 1))
+                    .collect::<Vec<_>>()
+            })
+            .collect::<Vec<_>>();
+        // Need to handle the case if this is the very last block of the trace matrix
+        let next_global_block_idx = select(
+            is_last_block_of_trace,
+            AB::Expr::ONE,
+            *local.flags.global_block_idx + AB::Expr::ONE,
+        );
+        // The following interactions constrain certain values from block to block
+        self.bus.send(
+            builder,
+            composed_hash
+                .into_iter()
+                .flatten()
+                .chain(once(next_global_block_idx)),
+            *local.flags.is_digest_row,
+        );
+
+        self.bus.receive(
+            builder,
+            local
+                .prev_hash
+                .flatten()
+                .mapv(|x| x.into())
+                .into_iter()
+                .chain(once((*local.flags.global_block_idx).into())),
+            *local.flags.is_digest_row,
+        );
+    }
+
+    /// Constrain the message schedule additions for `next` row
+    /// Note: For every addition we need to constrain the following for each of [WORD_U16S] limbs
+    /// sig_1(w_{t-2})[i] + w_{t-7}[i] + sig_0(w_{t-15})[i] + w_{t-16}[i] + carry_w[t][i-1] - carry_w[t][i] * 2^16 - w_t[i] == 0
+    /// Refer to [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf]
+    fn eval_message_schedule<'a, AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: ShaRoundColsRef<'a, AB::Var>,
+        next: ShaRoundColsRef<'a, AB::Var>,
+    ) {
+        // This `w` array contains 8 message schedule words - w_{idx}, ..., w_{idx+7} for some idx
+        let w = ndarray::concatenate(
+            ndarray::Axis(0),
+            &[local.message_schedule.w, next.message_schedule.w],
+        )
+        .unwrap();
+
+        // Constrain `w_3` for `next` row
+        for i in 0..C::ROUNDS_PER_ROW - 1 {
+            // here we constrain the w_3 of the i_th word of the next row
+            // w_3 of next is w[i+4-3] = w[i+1]
+            let w_3 = w.row(i + 1).mapv(|x| x.into()).to_vec();
+            let expected_w_3 = next.schedule_helper.w_3.row(i);
+            for j in 0..C::WORD_U16S {
+                let w_3_limb = compose::<AB::Expr>(&w_3[j * 16..(j + 1) * 16], 1);
+                builder
+                    .when(*local.flags.is_round_row)
+                    .assert_eq(w_3_limb, expected_w_3[j].into());
+            }
+        }
+
+        // Constrain intermed for `next` row
+        // We will only constrain intermed_12 for rows [3, 14], and let it unconstrained for other rows
+        // Other rows should put the needed value in intermed_12 to make the below summation constraint hold
+        let is_row_intermed_12 = self.row_idx_encoder.contains_flag_range::<AB>(
+            next.flags.row_idx.to_slice().unwrap(),
+            3..=C::ROUND_ROWS - 2,
+        );
+        // We will only constrain intermed_8 for rows [2, C::ROUND_ROWS - 2], and let it unconstrained for other rows
+        let is_row_intermed_8 = self.row_idx_encoder.contains_flag_range::<AB>(
+            next.flags.row_idx.to_slice().unwrap(),
+            2..=C::ROUND_ROWS - 3,
+        );
+        for i in 0..C::ROUNDS_PER_ROW {
+            // w_idx
+            let w_idx = w.row(i).mapv(|x| x.into()).to_vec();
+            // sig_0(w_{idx+1})
+            let sig_w = small_sig0_field::<AB::Expr, C>(w.row(i + 1).as_slice().unwrap());
+            for j in 0..C::WORD_U16S {
+                let w_idx_limb = compose::<AB::Expr>(&w_idx[j * 16..(j + 1) * 16], 1);
+                let sig_w_limb = compose::<AB::Expr>(&sig_w[j * 16..(j + 1) * 16], 1);
+
+                // We would like to constrain this only on rows 0..16, but we can't do a conditional check because the degree is already 3.
+                // So we must fill in `intermed_4` with dummy values on rows 0 and 16 to ensure the constraint holds on these rows.
+                builder.when_transition().assert_eq(
+                    next.schedule_helper.intermed_4[[i, j]],
+                    w_idx_limb + sig_w_limb,
+                );
+
+                builder.when(is_row_intermed_8.clone()).assert_eq(
+                    next.schedule_helper.intermed_8[[i, j]],
+                    local.schedule_helper.intermed_4[[i, j]],
+                );
+
+                builder.when(is_row_intermed_12.clone()).assert_eq(
+                    next.schedule_helper.intermed_12[[i, j]],
+                    local.schedule_helper.intermed_8[[i, j]],
+                );
+            }
+        }
+
+        // Constrain the message schedule additions for `next` row
+        for i in 0..C::ROUNDS_PER_ROW {
+            // Note, here by w_{t} we mean the i_th word of the `next` row
+            // w_{t-7}
+            let w_7 = if i < 3 {
+                local.schedule_helper.w_3.row(i).mapv(|x| x.into()).to_vec()
+            } else {
+                let w_3 = w.row(i - 3).mapv(|x| x.into()).to_vec();
+                (0..C::WORD_U16S)
+                    .map(|j| compose::<AB::Expr>(&w_3[j * 16..(j + 1) * 16], 1))
+                    .collect::<Vec<_>>()
+            };
+            // sig_0(w_{t-15}) + w_{t-16}
+            let intermed_16 = local.schedule_helper.intermed_12.row(i).mapv(|x| x.into());
+
+            let carries = (0..C::WORD_U16S)
+                .map(|j| {
+                    next.message_schedule.carry_or_buffer[[i, j * 2]]
+                        + AB::Expr::TWO * next.message_schedule.carry_or_buffer[[i, j * 2 + 1]]
+                })
+                .collect::<Vec<_>>();
+
+            // Constrain `W_{idx} = sig_1(W_{idx-2}) + W_{idx-7} + sig_0(W_{idx-15}) + W_{idx-16}`
+            // We would like to constrain this only on rows 4..C::ROUND_ROWS, but we can't do a conditional check because the degree of sum is already 3
+            // So we must fill in `intermed_12` with dummy values on rows 0..3 and C::ROUND_ROWS-1 and C::ROUND_ROWS to ensure the constraint holds on rows
+            // 0..4 and C::ROUND_ROWS. Note that the dummy value goes in the previous row to make the current row's constraint hold.
+            constraint_word_addition::<_, C>(
+                // Note: here we can't do a conditional check because the degree of sum is already 3
+                &mut builder.when_transition(),
+                &[&small_sig1_field::<AB::Expr, C>(
+                    w.row(i + 2).as_slice().unwrap(),
+                )],
+                &[&w_7, intermed_16.as_slice().unwrap()],
+                w.row(i + 4).as_slice().unwrap(),
+                &carries,
+            );
+
+            for j in 0..C::WORD_U16S {
+                // When on rows 4..C::ROUND_ROWS message schedule carries should be 0 or 1
+                let is_row_4_or_more = *next.flags.is_round_row - *next.flags.is_first_4_rows;
+                builder
+                    .when(is_row_4_or_more.clone())
+                    .assert_bool(next.message_schedule.carry_or_buffer[[i, j * 2]]);
+                builder
+                    .when(is_row_4_or_more)
+                    .assert_bool(next.message_schedule.carry_or_buffer[[i, j * 2 + 1]]);
+            }
+            // Constrain w being composed of bits
+            for j in 0..C::WORD_BITS {
+                builder
+                    .when(*next.flags.is_round_row)
+                    .assert_bool(next.message_schedule.w[[i, j]]);
+            }
+        }
+    }
+
+    /// Constrain the work vars on `next` row according to the sha documentation
+    /// Refer to [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf]
+    fn eval_work_vars<'a, AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: ShaRoundColsRef<'a, AB::Var>,
+        next: ShaRoundColsRef<'a, AB::Var>,
+    ) {
+        let a =
+            ndarray::concatenate(ndarray::Axis(0), &[local.work_vars.a, next.work_vars.a]).unwrap();
+        let e =
+            ndarray::concatenate(ndarray::Axis(0), &[local.work_vars.e, next.work_vars.e]).unwrap();
+
+        for i in 0..C::ROUNDS_PER_ROW {
+            for j in 0..C::WORD_U16S {
+                // Although we need carry_a <= 6 and carry_e <= 5, constraining carry_a, carry_e in [0, 2^8) is enough
+                // to prevent overflow and ensure the soundness of the addition we want to check
+                self.bitwise_lookup_bus
+                    .send_range(
+                        local.work_vars.carry_a[[i, j]],
+                        local.work_vars.carry_e[[i, j]],
+                    )
+                    .eval(builder, *local.flags.is_round_row);
+            }
+
+            let w_limbs = (0..C::WORD_U16S)
+                .map(|j| {
+                    compose::<AB::Expr>(
+                        next.message_schedule
+                            .w
+                            .slice(s![i, j * 16..(j + 1) * 16])
+                            .as_slice()
+                            .unwrap(),
+                        1,
+                    ) * *next.flags.is_round_row
+                })
+                .collect::<Vec<_>>();
+
+            let k_limbs = (0..C::WORD_U16S)
+                .map(|j| {
+                    self.row_idx_encoder.flag_with_val::<AB>(
+                        next.flags.row_idx.to_slice().unwrap(),
+                        &(0..C::ROUND_ROWS)
+                            .map(|rw_idx| {
+                                (
+                                    rw_idx,
+                                    word_into_u16_limbs::<C>(
+                                        C::get_k()[rw_idx * C::ROUNDS_PER_ROW + i],
+                                    )[j] as usize,
+                                )
+                            })
+                            .collect::<Vec<_>>(),
+                    )
+                })
+                .collect::<Vec<_>>();
+
+            // Constrain `a = h + sig_1(e) + ch(e, f, g) + K + W + sig_0(a) + Maj(a, b, c)`
+            // We have to enforce this constraint on all rows since the degree of the constraint is already 3.
+            // So, we must fill in `carry_a` with dummy values on digest rows to ensure the constraint holds.
+            constraint_word_addition::<_, C>(
+                builder,
+                &[
+                    e.row(i).mapv(|x| x.into()).as_slice().unwrap(), // previous `h`
+                    &big_sig1_field::<AB::Expr, C>(e.row(i + 3).as_slice().unwrap()), // sig_1 of previous `e`
+                    &ch_field::<AB::Expr>(
+                        e.row(i + 3).as_slice().unwrap(),
+                        e.row(i + 2).as_slice().unwrap(),
+                        e.row(i + 1).as_slice().unwrap(),
+                    ), // Ch of previous `e`, `f`, `g`
+                    &big_sig0_field::<AB::Expr, C>(a.row(i + 3).as_slice().unwrap()), // sig_0 of previous `a`
+                    &maj_field::<AB::Expr>(
+                        a.row(i + 3).as_slice().unwrap(),
+                        a.row(i + 2).as_slice().unwrap(),
+                        a.row(i + 1).as_slice().unwrap(),
+                    ), // Maj of previous a, b, c
+                ],
+                &[&w_limbs, &k_limbs],                             // K and W
+                a.row(i + 4).as_slice().unwrap(),                  // new `a`
+                next.work_vars.carry_a.row(i).as_slice().unwrap(), // carries of addition
+            );
+
+            // Constrain `e = d + h + sig_1(e) + ch(e, f, g) + K + W`
+            // We have to enforce this constraint on all rows since the degree of the constraint is already 3.
+            // So, we must fill in `carry_e` with dummy values on digest rows to ensure the constraint holds.
+            constraint_word_addition::<_, C>(
+                builder,
+                &[
+                    a.row(i).mapv(|x| x.into()).as_slice().unwrap(), // previous `d`
+                    e.row(i).mapv(|x| x.into()).as_slice().unwrap(), // previous `h`
+                    &big_sig1_field::<AB::Expr, C>(e.row(i + 3).as_slice().unwrap()), // sig_1 of previous `e`
+                    &ch_field::<AB::Expr>(
+                        e.row(i + 3).as_slice().unwrap(),
+                        e.row(i + 2).as_slice().unwrap(),
+                        e.row(i + 1).as_slice().unwrap(),
+                    ), // Ch of previous `e`, `f`, `g`
+                ],
+                &[&w_limbs, &k_limbs],                             // K and W
+                e.row(i + 4).as_slice().unwrap(),                  // new `e`
+                next.work_vars.carry_e.row(i).as_slice().unwrap(), // carries of addition
+            );
+        }
+    }
+}
diff --git a/crates/circuits/sha2-air/src/columns.rs b/crates/circuits/sha2-air/src/columns.rs
new file mode 100644
index 0000000000..c80dc372ff
--- /dev/null
+++ b/crates/circuits/sha2-air/src/columns.rs
@@ -0,0 +1,163 @@
+//! WARNING: the order of fields in the structs is important, do not change it
+
+use openvm_circuit_primitives::utils::not;
+use openvm_circuit_primitives_derive::ColsRef;
+use openvm_stark_backend::p3_field::FieldAlgebra;
+
+use crate::Sha2Config;
+
+/// In each SHA block:
+/// - First C::ROUND_ROWS rows use ShaRoundCols
+/// - Final row uses ShaDigestCols
+///
+/// ShaRoundCols and ShaDigestCols share the same first 3 fields:
+/// - flags
+/// - work_vars/hash (same type, different name)
+/// - schedule_helper
+///
+/// This design allows for:
+/// 1. Common constraints to work on either struct type by accessing these shared fields
+/// 2. Specific constraints to use the appropriate struct, with flags helping to do conditional constraints
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct ShaRoundCols<
+    T,
+    const WORD_BITS: usize,
+    const WORD_U8S: usize,
+    const WORD_U16S: usize,
+    const ROUNDS_PER_ROW: usize,
+    const ROUNDS_PER_ROW_MINUS_ONE: usize,
+    const ROW_VAR_CNT: usize,
+> {
+    pub flags: Sha2FlagsCols<T, ROW_VAR_CNT>,
+    pub work_vars: ShaWorkVarsCols<T, WORD_BITS, ROUNDS_PER_ROW, WORD_U16S>,
+    pub schedule_helper:
+        Sha2MessageHelperCols<T, WORD_U16S, ROUNDS_PER_ROW, ROUNDS_PER_ROW_MINUS_ONE>,
+    pub message_schedule: ShaMessageScheduleCols<T, WORD_BITS, ROUNDS_PER_ROW, WORD_U8S>,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct ShaDigestCols<
+    T,
+    const WORD_BITS: usize,
+    const WORD_U8S: usize,
+    const WORD_U16S: usize,
+    const HASH_WORDS: usize,
+    const ROUNDS_PER_ROW: usize,
+    const ROUNDS_PER_ROW_MINUS_ONE: usize,
+    const ROW_VAR_CNT: usize,
+> {
+    pub flags: Sha2FlagsCols<T, ROW_VAR_CNT>,
+    /// Will serve as previous hash values for the next block
+    pub hash: ShaWorkVarsCols<T, WORD_BITS, ROUNDS_PER_ROW, WORD_U16S>,
+    pub schedule_helper:
+        Sha2MessageHelperCols<T, WORD_U16S, ROUNDS_PER_ROW, ROUNDS_PER_ROW_MINUS_ONE>,
+    /// The actual final hash values of the given block
+    /// Note: the above `hash` will be equal to `final_hash` unless we are on the last block
+    pub final_hash: [[T; WORD_U8S]; HASH_WORDS],
+    /// The final hash of the previous block
+    /// Note: will be constrained using interactions with the chip itself
+    pub prev_hash: [[T; WORD_U16S]; HASH_WORDS],
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct ShaMessageScheduleCols<
+    T,
+    const WORD_BITS: usize,
+    const ROUNDS_PER_ROW: usize,
+    const WORD_U8S: usize,
+> {
+    /// The message schedule words as 32-bit integers
+    pub w: [[T; WORD_BITS]; ROUNDS_PER_ROW],
+    /// Will be message schedule carries for rows 4..C::ROUND_ROWS and a buffer for rows 0..4 to be used freely by wrapper chips
+    /// Note: carries are represented as 2 bit numbers
+    pub carry_or_buffer: [[T; WORD_U8S]; ROUNDS_PER_ROW],
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct ShaWorkVarsCols<
+    T,
+    const WORD_BITS: usize,
+    const ROUNDS_PER_ROW: usize,
+    const WORD_U16S: usize,
+> {
+    /// `a` and `e` after each iteration as 32-bits
+    pub a: [[T; WORD_BITS]; ROUNDS_PER_ROW],
+    pub e: [[T; WORD_BITS]; ROUNDS_PER_ROW],
+    /// The carry's used for addition during each iteration when computing `a` and `e`
+    pub carry_a: [[T; WORD_U16S]; ROUNDS_PER_ROW],
+    pub carry_e: [[T; WORD_U16S]; ROUNDS_PER_ROW],
+}
+
+/// These are the columns that are used to help with the message schedule additions
+/// Note: these need to be correctly assigned for every row even on padding rows
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct Sha2MessageHelperCols<
+    T,
+    const WORD_U16S: usize,
+    const ROUNDS_PER_ROW: usize,
+    const ROUNDS_PER_ROW_MINUS_ONE: usize,
+> {
+    /// The following are used to move data forward to constrain the message schedule additions
+    /// The value of `w` from 3 rounds ago
+    pub w_3: [[T; WORD_U16S]; ROUNDS_PER_ROW_MINUS_ONE],
+    /// Here intermediate(i) =  w_i + sig_0(w_{i+1})
+    /// Intermed_t represents the intermediate t rounds ago
+    pub intermed_4: [[T; WORD_U16S]; ROUNDS_PER_ROW],
+    pub intermed_8: [[T; WORD_U16S]; ROUNDS_PER_ROW],
+    pub intermed_12: [[T; WORD_U16S]; ROUNDS_PER_ROW],
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(Sha2Config)]
+pub struct Sha2FlagsCols<T, const ROW_VAR_CNT: usize> {
+    pub is_round_row: T,
+    /// A flag that indicates if the current row is among the first 4 rows of a block (the message rows)
+    pub is_first_4_rows: T,
+    pub is_digest_row: T,
+    pub is_last_block: T,
+    /// We will encode the row index [0..17) using 5 cells
+    pub row_idx: [T; ROW_VAR_CNT],
+    /// The global index of the current block
+    pub global_block_idx: T,
+    /// Will store the index of the current block in the current message starting from 0
+    pub local_block_idx: T,
+}
+
+impl<O, T: Copy + core::ops::Add<Output = O>, const ROW_VAR_CNT: usize>
+    Sha2FlagsCols<T, ROW_VAR_CNT>
+{
+    pub fn is_not_padding_row(&self) -> O {
+        self.is_round_row + self.is_digest_row
+    }
+
+    pub fn is_padding_row(&self) -> O
+    where
+        O: FieldAlgebra,
+    {
+        not(self.is_not_padding_row())
+    }
+}
+
+impl<O, T: Copy + core::ops::Add<Output = O>> Sha2FlagsColsRef<'_, T> {
+    pub fn is_not_padding_row(&self) -> O {
+        *self.is_round_row + *self.is_digest_row
+    }
+
+    pub fn is_padding_row(&self) -> O
+    where
+        O: FieldAlgebra,
+    {
+        not(self.is_not_padding_row())
+    }
+}
diff --git a/crates/circuits/sha2-air/src/config.rs b/crates/circuits/sha2-air/src/config.rs
new file mode 100644
index 0000000000..c0f9964039
--- /dev/null
+++ b/crates/circuits/sha2-air/src/config.rs
@@ -0,0 +1,375 @@
+use std::ops::{BitAnd, BitOr, BitXor, Not, Shl, Shr};
+
+use crate::{ShaDigestColsRef, ShaRoundColsRef};
+
+pub trait Sha2Config: Send + Sync + Clone {
+    type Word: 'static
+        + Shr<usize, Output = Self::Word>
+        + Shl<usize, Output = Self::Word>
+        + BitAnd<Output = Self::Word>
+        + Not<Output = Self::Word>
+        + BitXor<Output = Self::Word>
+        + BitOr<Output = Self::Word>
+        + RotateRight
+        + WrappingAdd
+        + PartialEq
+        + From<u32>
+        + TryInto<u32, Error: std::fmt::Debug>
+        + Copy
+        + Send
+        + Sync;
+    /// Number of bits in a SHA word
+    const WORD_BITS: usize;
+    /// Number of 16-bit limbs in a SHA word
+    const WORD_U16S: usize = Self::WORD_BITS / 16;
+    /// Number of 8-bit limbs in a SHA word
+    const WORD_U8S: usize = Self::WORD_BITS / 8;
+    /// Number of words in a SHA block
+    const BLOCK_WORDS: usize;
+    /// Number of cells in a SHA block
+    const BLOCK_U8S: usize = Self::BLOCK_WORDS * Self::WORD_U8S;
+    /// Number of bits in a SHA block
+    const BLOCK_BITS: usize = Self::BLOCK_WORDS * Self::WORD_BITS;
+    /// Number of rows per block
+    const ROWS_PER_BLOCK: usize;
+    /// Number of rounds per row. Must divide Self::ROUNDS_PER_BLOCK
+    const ROUNDS_PER_ROW: usize;
+    /// Number of rows used for the sha rounds
+    const ROUND_ROWS: usize = Self::ROUNDS_PER_BLOCK / Self::ROUNDS_PER_ROW;
+    /// Number of rows used for the message
+    const MESSAGE_ROWS: usize = Self::BLOCK_WORDS / Self::ROUNDS_PER_ROW;
+    /// Number of rounds per row minus one (needed for one of the column structs)
+    const ROUNDS_PER_ROW_MINUS_ONE: usize = Self::ROUNDS_PER_ROW - 1;
+    /// Number of rounds per block. Must be a multiple of Self::ROUNDS_PER_ROW
+    const ROUNDS_PER_BLOCK: usize;
+    /// Number of words in a SHA hash
+    const HASH_WORDS: usize;
+    /// Number of vars needed to encode the row index with [Encoder]
+    const ROW_VAR_CNT: usize;
+    /// Width of the ShaRoundCols
+    const ROUND_WIDTH: usize = ShaRoundColsRef::<u8>::width::<Self>();
+    /// Width of the ShaDigestCols
+    const DIGEST_WIDTH: usize = ShaDigestColsRef::<u8>::width::<Self>();
+    /// Width of the ShaCols
+    const WIDTH: usize = if Self::ROUND_WIDTH > Self::DIGEST_WIDTH {
+        Self::ROUND_WIDTH
+    } else {
+        Self::DIGEST_WIDTH
+    };
+    /// Number of cells used in each message row to store the message
+    const CELLS_PER_ROW: usize = Self::ROUNDS_PER_ROW * Self::WORD_U8S;
+
+    ///  To optimize the trace generation of invalid rows, we precompute those values.
+    // these should be appropriately sized for the config
+    fn get_invalid_carry_a(round_num: usize) -> &'static [u32];
+    fn get_invalid_carry_e(round_num: usize) -> &'static [u32];
+
+    /// We also store the SHA constants K and H
+    fn get_k() -> &'static [Self::Word];
+    fn get_h() -> &'static [Self::Word];
+}
+
+#[derive(Clone)]
+pub struct Sha256Config;
+
+impl Sha2Config for Sha256Config {
+    // ==== Do not change these constants! ====
+    type Word = u32;
+    /// Number of bits in a SHA256 word
+    const WORD_BITS: usize = 32;
+    /// Number of words in a SHA256 block
+    const BLOCK_WORDS: usize = 16;
+    /// Number of rows per block
+    const ROWS_PER_BLOCK: usize = 17;
+    /// Number of rounds per row
+    const ROUNDS_PER_ROW: usize = 4;
+    /// Number of rounds per block
+    const ROUNDS_PER_BLOCK: usize = 64;
+    /// Number of words in a SHA256 hash
+    const HASH_WORDS: usize = 8;
+    /// Number of vars needed to encode the row index with [Encoder]
+    const ROW_VAR_CNT: usize = 5;
+
+    fn get_invalid_carry_a(round_num: usize) -> &'static [u32] {
+        &SHA256_INVALID_CARRY_A[round_num]
+    }
+    fn get_invalid_carry_e(round_num: usize) -> &'static [u32] {
+        &SHA256_INVALID_CARRY_E[round_num]
+    }
+    fn get_k() -> &'static [u32] {
+        &SHA256_K
+    }
+    fn get_h() -> &'static [u32] {
+        &SHA256_H
+    }
+}
+
+pub const SHA256_INVALID_CARRY_A: [[u32; Sha256Config::WORD_U16S]; Sha256Config::ROUNDS_PER_ROW] = [
+    [1230919683, 1162494304],
+    [266373122, 1282901987],
+    [1519718403, 1008990871],
+    [923381762, 330807052],
+];
+pub const SHA256_INVALID_CARRY_E: [[u32; Sha256Config::WORD_U16S]; Sha256Config::ROUNDS_PER_ROW] = [
+    [204933122, 1994683449],
+    [443873282, 1544639095],
+    [719953922, 1888246508],
+    [194580482, 1075725211],
+];
+
+/// SHA256 constant K's
+pub const SHA256_K: [u32; 64] = [
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
+];
+/// SHA256 initial hash values
+pub const SHA256_H: [u32; 8] = [
+    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,
+];
+
+#[derive(Clone)]
+pub struct Sha512Config;
+
+impl Sha2Config for Sha512Config {
+    // ==== Do not change these constants! ====
+    type Word = u64;
+    /// Number of bits in a SHA512 word
+    const WORD_BITS: usize = 64;
+    /// Number of words in a SHA512 block
+    const BLOCK_WORDS: usize = 16;
+    /// Number of rows per block
+    const ROWS_PER_BLOCK: usize = 21;
+    /// Number of rounds per row
+    const ROUNDS_PER_ROW: usize = 4;
+    /// Number of rounds per block
+    const ROUNDS_PER_BLOCK: usize = 80;
+    /// Number of words in a SHA512 hash
+    const HASH_WORDS: usize = 8;
+    /// Number of vars needed to encode the row index with [Encoder]
+    const ROW_VAR_CNT: usize = 6;
+
+    fn get_invalid_carry_a(round_num: usize) -> &'static [u32] {
+        &SHA512_INVALID_CARRY_A[round_num]
+    }
+    fn get_invalid_carry_e(round_num: usize) -> &'static [u32] {
+        &SHA512_INVALID_CARRY_E[round_num]
+    }
+    fn get_k() -> &'static [u64] {
+        &SHA512_K
+    }
+    fn get_h() -> &'static [u64] {
+        &SHA512_H
+    }
+}
+
+pub(crate) const SHA512_INVALID_CARRY_A: [[u32; Sha512Config::WORD_U16S];
+    Sha512Config::ROUNDS_PER_ROW] = [
+    [55971842, 827997017, 993005918, 512731953],
+    [227512322, 1697529235, 1936430385, 940122990],
+    [1939875843, 1173318562, 826201586, 1513494849],
+    [891955202, 1732283693, 1736658755, 223514501],
+];
+
+pub(crate) const SHA512_INVALID_CARRY_E: [[u32; Sha512Config::WORD_U16S];
+    Sha512Config::ROUNDS_PER_ROW] = [
+    [1384427522, 1509509767, 153131516, 102514978],
+    [1527552003, 1041677071, 837289497, 843522538],
+    [775188482, 1620184630, 744892564, 892058728],
+    [1801267202, 1393118048, 1846108940, 830635531],
+];
+
+/// SHA512 constant K's
+pub const SHA512_K: [u64; 80] = [
+    0x428a2f98d728ae22,
+    0x7137449123ef65cd,
+    0xb5c0fbcfec4d3b2f,
+    0xe9b5dba58189dbbc,
+    0x3956c25bf348b538,
+    0x59f111f1b605d019,
+    0x923f82a4af194f9b,
+    0xab1c5ed5da6d8118,
+    0xd807aa98a3030242,
+    0x12835b0145706fbe,
+    0x243185be4ee4b28c,
+    0x550c7dc3d5ffb4e2,
+    0x72be5d74f27b896f,
+    0x80deb1fe3b1696b1,
+    0x9bdc06a725c71235,
+    0xc19bf174cf692694,
+    0xe49b69c19ef14ad2,
+    0xefbe4786384f25e3,
+    0x0fc19dc68b8cd5b5,
+    0x240ca1cc77ac9c65,
+    0x2de92c6f592b0275,
+    0x4a7484aa6ea6e483,
+    0x5cb0a9dcbd41fbd4,
+    0x76f988da831153b5,
+    0x983e5152ee66dfab,
+    0xa831c66d2db43210,
+    0xb00327c898fb213f,
+    0xbf597fc7beef0ee4,
+    0xc6e00bf33da88fc2,
+    0xd5a79147930aa725,
+    0x06ca6351e003826f,
+    0x142929670a0e6e70,
+    0x27b70a8546d22ffc,
+    0x2e1b21385c26c926,
+    0x4d2c6dfc5ac42aed,
+    0x53380d139d95b3df,
+    0x650a73548baf63de,
+    0x766a0abb3c77b2a8,
+    0x81c2c92e47edaee6,
+    0x92722c851482353b,
+    0xa2bfe8a14cf10364,
+    0xa81a664bbc423001,
+    0xc24b8b70d0f89791,
+    0xc76c51a30654be30,
+    0xd192e819d6ef5218,
+    0xd69906245565a910,
+    0xf40e35855771202a,
+    0x106aa07032bbd1b8,
+    0x19a4c116b8d2d0c8,
+    0x1e376c085141ab53,
+    0x2748774cdf8eeb99,
+    0x34b0bcb5e19b48a8,
+    0x391c0cb3c5c95a63,
+    0x4ed8aa4ae3418acb,
+    0x5b9cca4f7763e373,
+    0x682e6ff3d6b2b8a3,
+    0x748f82ee5defb2fc,
+    0x78a5636f43172f60,
+    0x84c87814a1f0ab72,
+    0x8cc702081a6439ec,
+    0x90befffa23631e28,
+    0xa4506cebde82bde9,
+    0xbef9a3f7b2c67915,
+    0xc67178f2e372532b,
+    0xca273eceea26619c,
+    0xd186b8c721c0c207,
+    0xeada7dd6cde0eb1e,
+    0xf57d4f7fee6ed178,
+    0x06f067aa72176fba,
+    0x0a637dc5a2c898a6,
+    0x113f9804bef90dae,
+    0x1b710b35131c471b,
+    0x28db77f523047d84,
+    0x32caab7b40c72493,
+    0x3c9ebe0a15c9bebc,
+    0x431d67c49c100d4c,
+    0x4cc5d4becb3e42b6,
+    0x597f299cfc657e2a,
+    0x5fcb6fab3ad6faec,
+    0x6c44198c4a475817,
+];
+/// SHA512 initial hash values
+pub const SHA512_H: [u64; 8] = [
+    0x6a09e667f3bcc908,
+    0xbb67ae8584caa73b,
+    0x3c6ef372fe94f82b,
+    0xa54ff53a5f1d36f1,
+    0x510e527fade682d1,
+    0x9b05688c2b3e6c1f,
+    0x1f83d9abfb41bd6b,
+    0x5be0cd19137e2179,
+];
+
+#[derive(Clone)]
+pub struct Sha384Config;
+
+impl Sha2Config for Sha384Config {
+    // ==== Do not change these constants! ====
+    type Word = u64;
+    /// Number of bits in a SHA384 word
+    const WORD_BITS: usize = 64;
+    /// Number of words in a SHA384 block
+    const BLOCK_WORDS: usize = 16;
+    /// Number of rows per block
+    const ROWS_PER_BLOCK: usize = 21;
+    /// Number of rounds per row
+    const ROUNDS_PER_ROW: usize = 4;
+    /// Number of rounds per block
+    const ROUNDS_PER_BLOCK: usize = 80;
+    /// Number of words in a SHA384 hash
+    const HASH_WORDS: usize = 8;
+    /// Number of vars needed to encode the row index with [Encoder]
+    const ROW_VAR_CNT: usize = 6;
+
+    fn get_invalid_carry_a(round_num: usize) -> &'static [u32] {
+        &SHA384_INVALID_CARRY_A[round_num]
+    }
+    fn get_invalid_carry_e(round_num: usize) -> &'static [u32] {
+        &SHA384_INVALID_CARRY_E[round_num]
+    }
+    fn get_k() -> &'static [u64] {
+        &SHA384_K
+    }
+    fn get_h() -> &'static [u64] {
+        &SHA384_H
+    }
+}
+
+pub(crate) const SHA384_INVALID_CARRY_A: [[u32; Sha384Config::WORD_U16S];
+    Sha384Config::ROUNDS_PER_ROW] = [
+    [1571481603, 1428841901, 1050676523, 793575075],
+    [1233315842, 1822329223, 112923808, 1874228927],
+    [1245603842, 927240770, 1579759431, 70557227],
+    [195532801, 594312107, 1429379950, 220407092],
+];
+
+pub(crate) const SHA384_INVALID_CARRY_E: [[u32; Sha384Config::WORD_U16S];
+    Sha384Config::ROUNDS_PER_ROW] = [
+    [1067980802, 1508061099, 1418826213, 1232569491],
+    [1453086722, 1702524575, 152427899, 238512408],
+    [1623674882, 701393097, 1002035664, 4776891],
+    [1888911362, 184963225, 1151849224, 1034237098],
+];
+
+/// SHA384 constant K's
+pub const SHA384_K: [u64; 80] = SHA512_K;
+
+/// SHA384 initial hash values
+pub const SHA384_H: [u64; 8] = [
+    0xcbbb9d5dc1059ed8,
+    0x629a292a367cd507,
+    0x9159015a3070dd17,
+    0x152fecd8f70e5939,
+    0x67332667ffc00b31,
+    0x8eb44a8768581511,
+    0xdb0c2e0d64f98fa7,
+    0x47b5481dbefa4fa4,
+];
+
+// Needed to avoid compile errors in utils.rs
+// not sure why this doesn't inf loop
+pub trait RotateRight {
+    fn rotate_right(self, n: u32) -> Self;
+}
+impl RotateRight for u32 {
+    fn rotate_right(self, n: u32) -> Self {
+        self.rotate_right(n)
+    }
+}
+impl RotateRight for u64 {
+    fn rotate_right(self, n: u32) -> Self {
+        self.rotate_right(n)
+    }
+}
+pub trait WrappingAdd {
+    fn wrapping_add(self, n: Self) -> Self;
+}
+impl WrappingAdd for u32 {
+    fn wrapping_add(self, n: u32) -> Self {
+        self.wrapping_add(n)
+    }
+}
+impl WrappingAdd for u64 {
+    fn wrapping_add(self, n: u64) -> Self {
+        self.wrapping_add(n)
+    }
+}
diff --git a/crates/circuits/sha256-air/src/lib.rs b/crates/circuits/sha2-air/src/lib.rs
similarity index 65%
rename from crates/circuits/sha256-air/src/lib.rs
rename to crates/circuits/sha2-air/src/lib.rs
index 48bdaee5f9..7c7d095938 100644
--- a/crates/circuits/sha256-air/src/lib.rs
+++ b/crates/circuits/sha2-air/src/lib.rs
@@ -1,13 +1,15 @@
-//! Implementation of the SHA256 compression function without padding
+//! Implementation of the SHA256/SHA512 compression function without padding
 //! This this AIR doesn't constrain any of the message padding
 
 mod air;
 mod columns;
+mod config;
 mod trace;
 mod utils;
 
 pub use air::*;
 pub use columns::*;
+pub use config::*;
 pub use trace::*;
 pub use utils::*;
 
diff --git a/crates/circuits/sha2-air/src/tests.rs b/crates/circuits/sha2-air/src/tests.rs
new file mode 100644
index 0000000000..58aeda0b7c
--- /dev/null
+++ b/crates/circuits/sha2-air/src/tests.rs
@@ -0,0 +1,297 @@
+use std::{borrow::BorrowMut, cmp::max, sync::Arc};
+
+use openvm_circuit::arch::{
+    instructions::riscv::RV32_CELL_BITS,
+    testing::{VmChipTestBuilder, BITWISE_OP_LOOKUP_BUS},
+};
+use openvm_circuit_primitives::{
+    bitwise_op_lookup::{BitwiseOperationLookupBus, SharedBitwiseOperationLookupChip},
+    SubAir,
+};
+use openvm_stark_backend::{
+    config::{StarkGenericConfig, Val},
+    interaction::{BusIndex, InteractionBuilder},
+    p3_air::{Air, BaseAir},
+    p3_field::{Field, FieldAlgebra, PrimeField32},
+    p3_maybe_rayon::prelude::{IndexedParallelIterator, ParallelIterator, ParallelSliceMut},
+    prover::types::AirProofInput,
+    rap::{get_air_name, BaseAirWithPublicValues, PartitionedBaseAir},
+    AirRef, Chip, ChipUsageGetter,
+};
+use openvm_stark_sdk::utils::create_seeded_rng;
+use rand::Rng;
+
+use crate::{
+    compose, small_sig0_field, Sha256Config, Sha2Air, Sha2Config, Sha384Config, Sha512Config,
+    ShaDigestColsRefMut, ShaRoundColsRef, ShaRoundColsRefMut,
+};
+
+// A wrapper AIR purely for testing purposes
+#[derive(Clone, Debug)]
+pub struct ShaTestAir<C: Sha2Config> {
+    pub sub_air: Sha2Air<C>,
+}
+
+impl<F: Field, C: Sha2Config> BaseAirWithPublicValues<F> for ShaTestAir<C> {}
+impl<F: Field, C: Sha2Config> PartitionedBaseAir<F> for ShaTestAir<C> {}
+impl<F: Field, C: Sha2Config> BaseAir<F> for ShaTestAir<C> {
+    fn width(&self) -> usize {
+        <Sha2Air<C> as BaseAir<F>>::width(&self.sub_air)
+    }
+}
+
+impl<AB: InteractionBuilder, C: Sha2Config> Air<AB> for ShaTestAir<C> {
+    fn eval(&self, builder: &mut AB) {
+        self.sub_air.eval(builder, 0);
+    }
+}
+
+// A wrapper Chip purely for testing purposes
+pub struct ShaTestChip<C: Sha2Config> {
+    pub air: ShaTestAir<C>,
+    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+    pub records: Vec<(Vec<u8>, bool)>, // length of inner vec is BLOCK_U8S
+}
+
+impl<SC: StarkGenericConfig, C: Sha2Config + 'static> Chip<SC> for ShaTestChip<C>
+where
+    Val<SC>: PrimeField32,
+{
+    fn air(&self) -> AirRef<SC> {
+        Arc::new(self.air.clone())
+    }
+
+    fn generate_air_proof_input(self) -> AirProofInput<SC> {
+        let trace = crate::generate_trace::<Val<SC>, C>(
+            &self.air.sub_air,
+            self.bitwise_lookup_chip.clone(),
+            self.records,
+        );
+        AirProofInput::simple_no_pis(trace)
+    }
+}
+
+impl<C: Sha2Config> ChipUsageGetter for ShaTestChip<C> {
+    fn air_name(&self) -> String {
+        get_air_name(&self.air)
+    }
+    fn current_trace_height(&self) -> usize {
+        self.records.len() * C::ROWS_PER_BLOCK
+    }
+
+    fn trace_width(&self) -> usize {
+        max(C::ROUND_WIDTH, C::DIGEST_WIDTH)
+    }
+}
+
+const SELF_BUS_IDX: BusIndex = 28;
+fn rand_sha_test<C: Sha2Config + 'static>() {
+    let mut rng = create_seeded_rng();
+    let tester = VmChipTestBuilder::default();
+    let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
+    let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
+    let len = rng.gen_range(1..100);
+    let random_records: Vec<_> = (0..len)
+        .map(|i| {
+            (
+                (0..C::BLOCK_U8S)
+                    .map(|_| rng.gen::<u8>())
+                    .collect::<Vec<_>>(),
+                rng.gen::<bool>() || i == len - 1,
+            )
+        })
+        .collect();
+    let chip = ShaTestChip {
+        air: ShaTestAir {
+            sub_air: Sha2Air::<C>::new(bitwise_bus, SELF_BUS_IDX),
+        },
+        bitwise_lookup_chip: bitwise_chip.clone(),
+        records: random_records,
+    };
+
+    let tester = tester.build().load(chip).load(bitwise_chip).finalize();
+    tester.simple_test().expect("Verification failed");
+}
+
+#[test]
+fn rand_sha256_test() {
+    rand_sha_test::<Sha256Config>();
+}
+
+#[test]
+fn rand_sha512_test() {
+    rand_sha_test::<Sha512Config>();
+}
+
+#[test]
+fn rand_sha384_test() {
+    rand_sha_test::<Sha384Config>();
+}
+
+// A wrapper Chip to test that the final_hash is properly constrained.
+// This chip implements a malicious trace gen that violates the final_hash constraints.
+pub struct ShaTestBadFinalHashChip<C: Sha2Config> {
+    pub air: ShaTestAir<C>,
+    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+    pub records: Vec<(Vec<u8>, bool)>, // length of inner vec should be C::BLOCK_U8S
+}
+
+impl<SC: StarkGenericConfig, C: Sha2Config + 'static> Chip<SC> for ShaTestBadFinalHashChip<C>
+where
+    Val<SC>: PrimeField32,
+{
+    fn air(&self) -> AirRef<SC> {
+        Arc::new(self.air.clone())
+    }
+
+    fn generate_air_proof_input(self) -> AirProofInput<SC> {
+        let mut trace = crate::generate_trace::<Val<SC>, C>(
+            &self.air.sub_air,
+            self.bitwise_lookup_chip.clone(),
+            self.records.clone(),
+        );
+
+        // Set the final_hash in the digest row of the last block of each hash to zero.
+        // That is, every hash that this chip does will result in a final_hash of zero.
+        for (i, row) in self.records.iter().enumerate() {
+            if row.1 {
+                let last_digest_row_idx = (i + 1) * C::ROWS_PER_BLOCK - 1;
+                let mut last_digest_row: crate::ShaDigestColsRefMut<Val<SC>> =
+                    ShaDigestColsRefMut::from::<C>(
+                        trace.row_mut(last_digest_row_idx)[..C::DIGEST_WIDTH].borrow_mut(),
+                    );
+                // Set the final_hash to all zeros
+                for i in 0..C::HASH_WORDS {
+                    for j in 0..C::WORD_U8S {
+                        last_digest_row.final_hash[[i, j]] = Val::<SC>::ZERO;
+                    }
+                }
+
+                let (last_round_row, last_digest_row) =
+                    trace.row_pair_mut(last_digest_row_idx - 1, last_digest_row_idx);
+                let last_round_row: crate::ShaRoundColsRefMut<Val<SC>> =
+                    ShaRoundColsRefMut::from::<C>(last_round_row.borrow_mut());
+                let mut last_digest_row: crate::ShaRoundColsRefMut<Val<SC>> =
+                    ShaRoundColsRefMut::from::<C>(last_digest_row.borrow_mut());
+                // fix the intermed_4 for the digest row
+                generate_intermed_4::<Val<SC>, C>(
+                    &ShaRoundColsRef::from_mut::<C>(&last_round_row),
+                    &mut last_digest_row,
+                );
+            }
+        }
+
+        let non_padded_height = self.records.len() * C::ROWS_PER_BLOCK;
+        let width = <Sha2Air<C> as BaseAir<Val<SC>>>::width(&self.air.sub_air);
+        // recalculate the missing cells (second pass of generate_trace)
+        trace.values[width..]
+            .par_chunks_mut(width * C::ROWS_PER_BLOCK)
+            .take(non_padded_height / C::ROWS_PER_BLOCK)
+            .for_each(|chunk| {
+                self.air.sub_air.generate_missing_cells(chunk, width, 0);
+            });
+
+        AirProofInput::simple_no_pis(trace)
+    }
+}
+
+// Copy of private method in Sha256Air used for testing
+/// Puts the correct intermed_4 in the `next_row`
+fn generate_intermed_4<F: PrimeField32, C: Sha2Config>(
+    local_cols: &ShaRoundColsRef<F>,
+    next_cols: &mut ShaRoundColsRefMut<F>,
+) {
+    let w = [
+        local_cols
+            .message_schedule
+            .w
+            .rows()
+            .into_iter()
+            .collect::<Vec<_>>(),
+        next_cols
+            .message_schedule
+            .w
+            .rows()
+            .into_iter()
+            .collect::<Vec<_>>(),
+    ]
+    .concat();
+
+    // length of inner vec is C::WORD_U16S
+    let w_limbs: Vec<Vec<F>> = w
+        .iter()
+        .map(|x| {
+            (0..C::WORD_U16S)
+                .map(|i| compose::<F>(&x.as_slice().unwrap()[i * 16..(i + 1) * 16], 1))
+                .collect::<Vec<F>>()
+        })
+        .collect();
+    for i in 0..C::ROUNDS_PER_ROW {
+        let sig_w = small_sig0_field::<F, C>(w[i + 1].as_slice().unwrap());
+        let sig_w_limbs: Vec<F> = (0..C::WORD_U16S)
+            .map(|j| compose::<F>(&sig_w[j * 16..(j + 1) * 16], 1))
+            .collect();
+        for (j, sig_w_limb) in sig_w_limbs.iter().enumerate() {
+            next_cols.schedule_helper.intermed_4[[i, j]] = w_limbs[i][j] + *sig_w_limb;
+        }
+    }
+}
+
+impl<C: Sha2Config> ChipUsageGetter for ShaTestBadFinalHashChip<C> {
+    fn air_name(&self) -> String {
+        get_air_name(&self.air)
+    }
+    fn current_trace_height(&self) -> usize {
+        self.records.len() * C::ROWS_PER_BLOCK
+    }
+
+    fn trace_width(&self) -> usize {
+        max(C::ROUND_WIDTH, C::DIGEST_WIDTH)
+    }
+}
+
+fn test_sha_final_hash_constraints<C: Sha2Config + 'static>() {
+    let mut rng = create_seeded_rng();
+    let tester = VmChipTestBuilder::default();
+    let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
+    let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
+    let len = rng.gen_range(1..100);
+    let random_records: Vec<_> = (0..len)
+        .map(|_| {
+            (
+                (0..C::BLOCK_U8S)
+                    .map(|_| rng.gen::<u8>())
+                    .collect::<Vec<_>>(),
+                true,
+            )
+        })
+        .collect();
+    let chip = ShaTestBadFinalHashChip {
+        air: ShaTestAir {
+            sub_air: Sha2Air::<C>::new(bitwise_bus, SELF_BUS_IDX),
+        },
+        bitwise_lookup_chip: bitwise_chip.clone(),
+        records: random_records,
+    };
+
+    let tester = tester.build().load(chip).load(bitwise_chip).finalize();
+    tester.simple_test().expect("Verification failed");
+}
+
+#[test]
+#[should_panic]
+fn test_sha256_final_hash_constraints() {
+    test_sha_final_hash_constraints::<Sha256Config>();
+}
+
+#[test]
+#[should_panic]
+fn test_sha512_final_hash_constraints() {
+    test_sha_final_hash_constraints::<Sha512Config>();
+}
+
+#[test]
+#[should_panic]
+fn test_sha384_final_hash_constraints() {
+    test_sha_final_hash_constraints::<Sha384Config>();
+}
diff --git a/crates/circuits/sha2-air/src/trace.rs b/crates/circuits/sha2-air/src/trace.rs
new file mode 100644
index 0000000000..ed302edefd
--- /dev/null
+++ b/crates/circuits/sha2-air/src/trace.rs
@@ -0,0 +1,844 @@
+use std::ops::Range;
+
+use openvm_circuit_primitives::{
+    bitwise_op_lookup::SharedBitwiseOperationLookupChip, utils::next_power_of_two_or_zero,
+};
+use openvm_stark_backend::{
+    p3_air::BaseAir, p3_field::PrimeField32, p3_matrix::dense::RowMajorMatrix,
+    p3_maybe_rayon::prelude::*,
+};
+use sha2::{compress256, compress512, digest::generic_array::GenericArray};
+
+use super::{
+    air::Sha2Air, big_sig0_field, big_sig1_field, ch_field, compose, get_flag_pt_array, maj_field,
+    small_sig0_field, small_sig1_field, ShaRoundColsRefMut,
+};
+use crate::{
+    big_sig0, big_sig1, ch, limbs_into_word, maj, small_sig0, small_sig1, word_into_bits,
+    word_into_u16_limbs, word_into_u8_limbs, Sha2Config, ShaDigestColsRefMut, ShaRoundColsRef,
+    WrappingAdd,
+};
+
+/// The trace generation of SHA should be done in two passes.
+/// The first pass should do `get_block_trace` for every block and generate the invalid rows through `get_default_row`
+/// The second pass should go through all the blocks and call `generate_missing_cells`
+impl<C: Sha2Config> Sha2Air<C> {
+    /// This function takes the input_message (padding not handled), the previous hash,
+    /// and returns the new hash after processing the block input
+    pub fn get_block_hash(prev_hash: &[C::Word], input: Vec<u8>) -> Vec<C::Word> {
+        debug_assert!(prev_hash.len() == C::HASH_WORDS);
+        debug_assert!(input.len() == C::BLOCK_U8S);
+        let mut new_hash: [C::Word; 8] = prev_hash.try_into().unwrap();
+        if C::WORD_BITS == 32 {
+            let hash_ptr: &mut [u32; 8] = unsafe { std::mem::transmute(&mut new_hash) };
+            let input_array = [*GenericArray::<u8, sha2::digest::consts::U64>::from_slice(
+                &input,
+            )];
+            compress256(hash_ptr, &input_array);
+        } else if C::WORD_BITS == 64 {
+            let hash_ptr: &mut [u64; 8] = unsafe { std::mem::transmute(&mut new_hash) };
+            let input_array = [*GenericArray::<u8, sha2::digest::consts::U128>::from_slice(
+                &input,
+            )];
+            compress512(hash_ptr, &input_array);
+        }
+        new_hash.to_vec()
+    }
+
+    /// This function takes a (C::WORD_BITS * C::BLOCK_WORDS)-bit chunk of the input message (padding not handled), the previous hash,
+    /// a flag indicating if it's the last block, the global block index, the local block index,
+    /// and the buffer values that will be put in rows 0..4.
+    /// Will populate the given `trace` with the trace of the block, where the width of the trace is `trace_width`
+    /// and the starting column for the `ShaAir` is `trace_start_col`.
+    /// **Note**: this function only generates some of the required trace. Another pass is required, refer to [`Self::generate_missing_cells`] for details.
+    #[allow(clippy::too_many_arguments)]
+    pub fn generate_block_trace<F: PrimeField32>(
+        &self,
+        trace: &mut [F],
+        trace_width: usize,
+        trace_start_col: usize,
+        input: &[C::Word],
+        bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+        prev_hash: &[C::Word],
+        is_last_block: bool,
+        global_block_idx: u32,
+        local_block_idx: u32,
+        buffer_vals: Vec<Vec<F>>,
+    ) {
+        #[cfg(debug_assertions)]
+        {
+            assert!(input.len() == C::BLOCK_WORDS);
+            assert!(prev_hash.len() == C::HASH_WORDS);
+            assert!(buffer_vals.len() == C::MESSAGE_ROWS);
+            assert!(buffer_vals.iter().all(|x| x.len() == C::CELLS_PER_ROW));
+            assert!(trace.len() == trace_width * C::ROWS_PER_BLOCK);
+            assert!(trace_start_col + C::WIDTH <= trace_width);
+            assert!(self.bitwise_lookup_bus == bitwise_lookup_chip.bus());
+            if local_block_idx == 0 {
+                assert!(*prev_hash == *C::get_h());
+            }
+        }
+        let get_range = |start: usize, len: usize| -> Range<usize> { start..start + len };
+        let mut message_schedule = vec![C::Word::from(0); C::ROUNDS_PER_BLOCK];
+        message_schedule[..input.len()].copy_from_slice(input);
+        let mut work_vars = prev_hash.to_vec();
+        for (i, row) in trace.chunks_exact_mut(trace_width).enumerate() {
+            // do the rounds
+            if i < C::ROUND_ROWS {
+                let mut cols: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+                    &mut row[get_range(trace_start_col, C::ROUND_WIDTH)],
+                );
+                *cols.flags.is_round_row = F::ONE;
+                *cols.flags.is_first_4_rows = if i < 4 { F::ONE } else { F::ZERO };
+                *cols.flags.is_digest_row = F::ZERO;
+                *cols.flags.is_last_block = F::from_bool(is_last_block);
+                cols.flags
+                    .row_idx
+                    .iter_mut()
+                    .zip(
+                        get_flag_pt_array(&self.row_idx_encoder, i)
+                            .into_iter()
+                            .map(F::from_canonical_u32),
+                    )
+                    .for_each(|(x, y)| *x = y);
+
+                *cols.flags.global_block_idx = F::from_canonical_u32(global_block_idx);
+                *cols.flags.local_block_idx = F::from_canonical_u32(local_block_idx);
+
+                // W_idx = M_idx
+                if i < C::MESSAGE_ROWS {
+                    for j in 0..C::ROUNDS_PER_ROW {
+                        cols.message_schedule
+                            .w
+                            .row_mut(j)
+                            .iter_mut()
+                            .zip(
+                                word_into_bits::<C>(input[i * C::ROUNDS_PER_ROW + j])
+                                    .into_iter()
+                                    .map(F::from_canonical_u32),
+                            )
+                            .for_each(|(x, y)| *x = y);
+                        cols.message_schedule
+                            .carry_or_buffer
+                            .row_mut(j)
+                            .iter_mut()
+                            .zip((0..C::WORD_U8S).map(|k| buffer_vals[i][j * C::WORD_U8S + k]))
+                            .for_each(|(x, y)| *x = y);
+                    }
+                }
+                // W_idx = SIG1(W_{idx-2}) + W_{idx-7} + SIG0(W_{idx-15}) + W_{idx-16}
+                else {
+                    for j in 0..C::ROUNDS_PER_ROW {
+                        let idx = i * C::ROUNDS_PER_ROW + j;
+                        let nums: [C::Word; 4] = [
+                            small_sig1::<C>(message_schedule[idx - 2]),
+                            message_schedule[idx - 7],
+                            small_sig0::<C>(message_schedule[idx - 15]),
+                            message_schedule[idx - 16],
+                        ];
+                        let w: C::Word = nums
+                            .iter()
+                            .fold(C::Word::from(0), |acc, &num| acc.wrapping_add(num));
+                        cols.message_schedule
+                            .w
+                            .row_mut(j)
+                            .iter_mut()
+                            .zip(
+                                word_into_bits::<C>(w)
+                                    .into_iter()
+                                    .map(F::from_canonical_u32),
+                            )
+                            .for_each(|(x, y)| *x = y);
+
+                        let nums_limbs = nums
+                            .iter()
+                            .map(|x| word_into_u16_limbs::<C>(*x))
+                            .collect::<Vec<_>>();
+                        let w_limbs = word_into_u16_limbs::<C>(w);
+
+                        // fill in the carrys
+                        for k in 0..C::WORD_U16S {
+                            let mut sum = nums_limbs.iter().fold(0, |acc, num| acc + num[k]);
+                            if k > 0 {
+                                sum += (cols.message_schedule.carry_or_buffer[[j, k * 2 - 2]]
+                                    + F::TWO
+                                        * cols.message_schedule.carry_or_buffer[[j, k * 2 - 1]])
+                                .as_canonical_u32();
+                            }
+                            let carry = (sum - w_limbs[k]) >> 16;
+                            cols.message_schedule.carry_or_buffer[[j, k * 2]] =
+                                F::from_canonical_u32(carry & 1);
+                            cols.message_schedule.carry_or_buffer[[j, k * 2 + 1]] =
+                                F::from_canonical_u32(carry >> 1);
+                        }
+                        // update the message schedule
+                        message_schedule[idx] = w;
+                    }
+                }
+                // fill in the work variables
+                for j in 0..C::ROUNDS_PER_ROW {
+                    // t1 = h + SIG1(e) + ch(e, f, g) + K_idx + W_idx
+                    let t1 = [
+                        work_vars[7],
+                        big_sig1::<C>(work_vars[4]),
+                        ch::<C>(work_vars[4], work_vars[5], work_vars[6]),
+                        C::get_k()[i * C::ROUNDS_PER_ROW + j],
+                        limbs_into_word::<C>(
+                            cols.message_schedule
+                                .w
+                                .row(j)
+                                .map(|f| f.as_canonical_u32())
+                                .as_slice()
+                                .unwrap(),
+                        ),
+                    ];
+                    let t1_sum: C::Word = t1
+                        .iter()
+                        .fold(C::Word::from(0), |acc, &num| acc.wrapping_add(num));
+
+                    // t2 = SIG0(a) + maj(a, b, c)
+                    let t2 = [
+                        big_sig0::<C>(work_vars[0]),
+                        maj::<C>(work_vars[0], work_vars[1], work_vars[2]),
+                    ];
+
+                    let t2_sum: C::Word = t2
+                        .iter()
+                        .fold(C::Word::from(0), |acc, &num| acc.wrapping_add(num));
+
+                    // e = d + t1
+                    let e = work_vars[3].wrapping_add(t1_sum);
+                    cols.work_vars
+                        .e
+                        .row_mut(j)
+                        .iter_mut()
+                        .zip(
+                            word_into_bits::<C>(e)
+                                .into_iter()
+                                .map(F::from_canonical_u32),
+                        )
+                        .for_each(|(x, y)| *x = y);
+                    let e_limbs = word_into_u16_limbs::<C>(e);
+                    // a = t1 + t2
+                    let a = t1_sum.wrapping_add(t2_sum);
+                    cols.work_vars
+                        .a
+                        .row_mut(j)
+                        .iter_mut()
+                        .zip(
+                            word_into_bits::<C>(a)
+                                .into_iter()
+                                .map(F::from_canonical_u32),
+                        )
+                        .for_each(|(x, y)| *x = y);
+                    let a_limbs = word_into_u16_limbs::<C>(a);
+                    // fill in the carrys
+                    for k in 0..C::WORD_U16S {
+                        let t1_limb = t1
+                            .iter()
+                            .fold(0, |acc, &num| acc + word_into_u16_limbs::<C>(num)[k]);
+                        let t2_limb = t2
+                            .iter()
+                            .fold(0, |acc, &num| acc + word_into_u16_limbs::<C>(num)[k]);
+
+                        let mut e_limb = t1_limb + word_into_u16_limbs::<C>(work_vars[3])[k];
+                        let mut a_limb = t1_limb + t2_limb;
+                        if k > 0 {
+                            a_limb += cols.work_vars.carry_a[[j, k - 1]].as_canonical_u32();
+                            e_limb += cols.work_vars.carry_e[[j, k - 1]].as_canonical_u32();
+                        }
+                        let carry_a = (a_limb - a_limbs[k]) >> 16;
+                        let carry_e = (e_limb - e_limbs[k]) >> 16;
+                        cols.work_vars.carry_a[[j, k]] = F::from_canonical_u32(carry_a);
+                        cols.work_vars.carry_e[[j, k]] = F::from_canonical_u32(carry_e);
+                        bitwise_lookup_chip.request_range(carry_a, carry_e);
+                    }
+
+                    // update working variables
+                    work_vars[7] = work_vars[6];
+                    work_vars[6] = work_vars[5];
+                    work_vars[5] = work_vars[4];
+                    work_vars[4] = e;
+                    work_vars[3] = work_vars[2];
+                    work_vars[2] = work_vars[1];
+                    work_vars[1] = work_vars[0];
+                    work_vars[0] = a;
+                }
+
+                // filling w_3 and intermed_4 here and the rest later
+                if i > 0 {
+                    for j in 0..C::ROUNDS_PER_ROW {
+                        let idx = i * C::ROUNDS_PER_ROW + j;
+                        let w_4 = word_into_u16_limbs::<C>(message_schedule[idx - 4]);
+                        let sig_0_w_3 =
+                            word_into_u16_limbs::<C>(small_sig0::<C>(message_schedule[idx - 3]));
+                        cols.schedule_helper
+                            .intermed_4
+                            .row_mut(j)
+                            .iter_mut()
+                            .zip(
+                                (0..C::WORD_U16S)
+                                    .map(|k| F::from_canonical_u32(w_4[k] + sig_0_w_3[k]))
+                                    .collect::<Vec<_>>(),
+                            )
+                            .for_each(|(x, y)| *x = y);
+                        if j < C::ROUNDS_PER_ROW - 1 {
+                            let w_3 = message_schedule[idx - 3];
+                            cols.schedule_helper
+                                .w_3
+                                .row_mut(j)
+                                .iter_mut()
+                                .zip(
+                                    word_into_u16_limbs::<C>(w_3)
+                                        .into_iter()
+                                        .map(F::from_canonical_u32),
+                                )
+                                .for_each(|(x, y)| *x = y);
+                        }
+                    }
+                }
+            }
+            // generate the digest row
+            else {
+                let mut cols: ShaDigestColsRefMut<F> = ShaDigestColsRefMut::from::<C>(
+                    &mut row[get_range(trace_start_col, C::DIGEST_WIDTH)],
+                );
+                for j in 0..C::ROUNDS_PER_ROW - 1 {
+                    let w_3 = message_schedule[i * C::ROUNDS_PER_ROW + j - 3];
+                    cols.schedule_helper
+                        .w_3
+                        .row_mut(j)
+                        .iter_mut()
+                        .zip(
+                            word_into_u16_limbs::<C>(w_3)
+                                .into_iter()
+                                .map(F::from_canonical_u32)
+                                .collect::<Vec<_>>(),
+                        )
+                        .for_each(|(x, y)| *x = y);
+                }
+                *cols.flags.is_round_row = F::ZERO;
+                *cols.flags.is_first_4_rows = F::ZERO;
+                *cols.flags.is_digest_row = F::ONE;
+                *cols.flags.is_last_block = F::from_bool(is_last_block);
+                cols.flags
+                    .row_idx
+                    .iter_mut()
+                    .zip(
+                        get_flag_pt_array(&self.row_idx_encoder, C::ROUND_ROWS)
+                            .into_iter()
+                            .map(F::from_canonical_u32),
+                    )
+                    .for_each(|(x, y)| *x = y);
+
+                *cols.flags.global_block_idx = F::from_canonical_u32(global_block_idx);
+
+                *cols.flags.local_block_idx = F::from_canonical_u32(local_block_idx);
+                let final_hash: Vec<C::Word> = (0..C::HASH_WORDS)
+                    .map(|i| work_vars[i].wrapping_add(prev_hash[i]))
+                    .collect();
+                let final_hash_limbs: Vec<Vec<u32>> = final_hash
+                    .iter()
+                    .map(|word| word_into_u8_limbs::<C>(*word))
+                    .collect();
+                // need to ensure final hash limbs are bytes, in order for
+                //   prev_hash[i] + work_vars[i] == final_hash[i]
+                // to be constrained correctly
+                for word in final_hash_limbs.iter() {
+                    for chunk in word.chunks(2) {
+                        bitwise_lookup_chip.request_range(chunk[0], chunk[1]);
+                    }
+                }
+                cols.final_hash
+                    .iter_mut()
+                    .zip((0..C::HASH_WORDS).flat_map(|i| {
+                        word_into_u8_limbs::<C>(final_hash[i])
+                            .into_iter()
+                            .map(F::from_canonical_u32)
+                            .collect::<Vec<_>>()
+                    }))
+                    .for_each(|(x, y)| *x = y);
+                cols.prev_hash
+                    .iter_mut()
+                    .zip(prev_hash.iter().flat_map(|f| {
+                        word_into_u16_limbs::<C>(*f)
+                            .into_iter()
+                            .map(F::from_canonical_u32)
+                            .collect::<Vec<_>>()
+                    }))
+                    .for_each(|(x, y)| *x = y);
+
+                let hash = if is_last_block {
+                    C::get_h()
+                        .iter()
+                        .map(|x| word_into_bits::<C>(*x))
+                        .collect::<Vec<_>>()
+                } else {
+                    cols.final_hash
+                        .rows_mut()
+                        .into_iter()
+                        .map(|f| {
+                            limbs_into_word::<C>(
+                                f.map(|x| x.as_canonical_u32()).as_slice().unwrap(),
+                            )
+                        })
+                        .map(word_into_bits::<C>)
+                        .collect()
+                }
+                .into_iter()
+                .map(|x| x.into_iter().map(F::from_canonical_u32))
+                .collect::<Vec<_>>();
+
+                for i in 0..C::ROUNDS_PER_ROW {
+                    cols.hash
+                        .a
+                        .row_mut(i)
+                        .iter_mut()
+                        .zip(hash[C::ROUNDS_PER_ROW - i - 1].clone())
+                        .for_each(|(x, y)| *x = y);
+                    cols.hash
+                        .e
+                        .row_mut(i)
+                        .iter_mut()
+                        .zip(hash[C::ROUNDS_PER_ROW - i + 3].clone())
+                        .for_each(|(x, y)| *x = y);
+                }
+            }
+        }
+
+        for i in 0..C::ROWS_PER_BLOCK - 1 {
+            let rows = &mut trace[i * trace_width..(i + 2) * trace_width];
+            let (local, next) = rows.split_at_mut(trace_width);
+            let mut local_cols: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+                &mut local[get_range(trace_start_col, C::ROUND_WIDTH)],
+            );
+            let mut next_cols: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+                &mut next[get_range(trace_start_col, C::ROUND_WIDTH)],
+            );
+            if i > 0 {
+                for j in 0..C::ROUNDS_PER_ROW {
+                    next_cols
+                        .schedule_helper
+                        .intermed_8
+                        .row_mut(j)
+                        .assign(&local_cols.schedule_helper.intermed_4.row(j));
+                    if (2..C::ROWS_PER_BLOCK - 3).contains(&i) {
+                        next_cols
+                            .schedule_helper
+                            .intermed_12
+                            .row_mut(j)
+                            .assign(&local_cols.schedule_helper.intermed_8.row(j));
+                    }
+                }
+            }
+            if i == C::ROWS_PER_BLOCK - 2 {
+                // `next` is a digest row.
+                // Fill in `carry_a` and `carry_e` with dummy values so the constraints on `a` and `e` hold.
+                let const_local_cols = ShaRoundColsRef::<F>::from_mut::<C>(&local_cols);
+                Self::generate_carry_ae(const_local_cols.clone(), &mut next_cols);
+                // Fill in row 16's `intermed_4` with dummy values so the message schedule constraints holds on that row
+                Self::generate_intermed_4(const_local_cols, &mut next_cols);
+            }
+            if i <= 2 {
+                // i is in 0..3.
+                // Fill in `local.intermed_12` with dummy values so the message schedule constraints hold on rows 1..4.
+                Self::generate_intermed_12(
+                    &mut local_cols,
+                    ShaRoundColsRef::<F>::from_mut::<C>(&next_cols),
+                );
+            }
+        }
+    }
+
+    /// This function will fill in the cells that we couldn't do during the first pass.
+    /// This function should be called only after `generate_block_trace` was called for all blocks
+    /// And [`Self::generate_default_row`] is called for all invalid rows
+    /// Will populate the missing values of `trace`, where the width of the trace is `trace_width`
+    /// and the starting column for the `ShaAir` is `trace_start_col`.
+    /// Note: `trace` needs to be the rows 1..C::ROWS_PER_BLOCK of a block and the first row of the next block
+    pub fn generate_missing_cells<F: PrimeField32>(
+        &self,
+        trace: &mut [F],
+        trace_width: usize,
+        trace_start_col: usize,
+    ) {
+        let rows = &mut trace[(C::ROUND_ROWS - 2) * trace_width..(C::ROUND_ROWS + 1) * trace_width];
+        let (last_round_row, rows) = rows.split_at_mut(trace_width);
+        let (digest_row, next_block_first_row) = rows.split_at_mut(trace_width);
+        let mut cols_last_round_row: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+            &mut last_round_row[trace_start_col..trace_start_col + C::ROUND_WIDTH],
+        );
+        let mut cols_digest_row: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+            &mut digest_row[trace_start_col..trace_start_col + C::ROUND_WIDTH],
+        );
+        let mut cols_next_block_first_row: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(
+            &mut next_block_first_row[trace_start_col..trace_start_col + C::ROUND_WIDTH],
+        );
+        // Fill in the last round row's `intermed_12` with dummy values so the message schedule constraints holds on row 16
+        Self::generate_intermed_12(
+            &mut cols_last_round_row,
+            ShaRoundColsRef::from_mut::<C>(&cols_digest_row),
+        );
+        // Fill in the digest row's `intermed_12` with dummy values so the message schedule constraints holds on the next block's row 0
+        Self::generate_intermed_12(
+            &mut cols_digest_row,
+            ShaRoundColsRef::from_mut::<C>(&cols_next_block_first_row),
+        );
+        // Fill in the next block's first row's `intermed_4` with dummy values so the message schedule constraints holds on that row
+        Self::generate_intermed_4(
+            ShaRoundColsRef::from_mut::<C>(&cols_digest_row),
+            &mut cols_next_block_first_row,
+        );
+    }
+
+    /// Fills the `cols` as a padding row
+    /// Note: we still need to correctly fill in the hash values, carries and intermeds
+    pub fn generate_default_row<F: PrimeField32>(&self, mut cols: ShaRoundColsRefMut<F>) {
+        *cols.flags.is_round_row = F::ZERO;
+        *cols.flags.is_first_4_rows = F::ZERO;
+        *cols.flags.is_digest_row = F::ZERO;
+
+        *cols.flags.is_last_block = F::ZERO;
+        *cols.flags.global_block_idx = F::ZERO;
+        cols.flags
+            .row_idx
+            .iter_mut()
+            .zip(
+                get_flag_pt_array(&self.row_idx_encoder, C::ROWS_PER_BLOCK)
+                    .into_iter()
+                    .map(F::from_canonical_u32),
+            )
+            .for_each(|(x, y)| *x = y);
+        *cols.flags.local_block_idx = F::ZERO;
+
+        cols.message_schedule
+            .w
+            .iter_mut()
+            .for_each(|x| *x = F::ZERO);
+        cols.message_schedule
+            .carry_or_buffer
+            .iter_mut()
+            .for_each(|x| *x = F::ZERO);
+
+        let hash = C::get_h()
+            .iter()
+            .map(|x| word_into_bits::<C>(*x))
+            .map(|x| x.into_iter().map(F::from_canonical_u32).collect::<Vec<_>>())
+            .collect::<Vec<_>>();
+
+        for i in 0..C::ROUNDS_PER_ROW {
+            cols.work_vars
+                .a
+                .row_mut(i)
+                .iter_mut()
+                .zip(hash[C::ROUNDS_PER_ROW - i - 1].clone())
+                .for_each(|(x, y)| *x = y);
+            cols.work_vars
+                .e
+                .row_mut(i)
+                .iter_mut()
+                .zip(hash[C::ROUNDS_PER_ROW - i + 3].clone())
+                .for_each(|(x, y)| *x = y);
+        }
+
+        cols.work_vars
+            .carry_a
+            .iter_mut()
+            .zip((0..C::ROUNDS_PER_ROW).flat_map(|i| {
+                (0..C::WORD_U16S)
+                    .map(|j| F::from_canonical_u32(C::get_invalid_carry_a(i)[j]))
+                    .collect::<Vec<_>>()
+            }))
+            .for_each(|(x, y)| *x = y);
+        cols.work_vars
+            .carry_e
+            .iter_mut()
+            .zip((0..C::ROUNDS_PER_ROW).flat_map(|i| {
+                (0..C::WORD_U16S)
+                    .map(|j| F::from_canonical_u32(C::get_invalid_carry_e(i)[j]))
+                    .collect::<Vec<_>>()
+            }))
+            .for_each(|(x, y)| *x = y);
+    }
+
+    /// The following functions do the calculations in native field since they will be called on padding rows
+    /// which can overflow and we need to make sure it matches the AIR constraints
+    /// Puts the correct carries in the `next_row`, the resulting carries can be out of bounds
+    pub fn generate_carry_ae<F: PrimeField32>(
+        local_cols: ShaRoundColsRef<F>,
+        next_cols: &mut ShaRoundColsRefMut<F>,
+    ) {
+        let a = [
+            local_cols
+                .work_vars
+                .a
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+            next_cols.work_vars.a.rows().into_iter().collect::<Vec<_>>(),
+        ]
+        .concat();
+        let e = [
+            local_cols
+                .work_vars
+                .e
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+            next_cols.work_vars.e.rows().into_iter().collect::<Vec<_>>(),
+        ]
+        .concat();
+        for i in 0..C::ROUNDS_PER_ROW {
+            let cur_a = a[i + 4];
+            let sig_a = big_sig0_field::<F, C>(a[i + 3].as_slice().unwrap());
+            let maj_abc = maj_field::<F>(
+                a[i + 3].as_slice().unwrap(),
+                a[i + 2].as_slice().unwrap(),
+                a[i + 1].as_slice().unwrap(),
+            );
+            let d = a[i];
+            let cur_e = e[i + 4];
+            let sig_e = big_sig1_field::<F, C>(e[i + 3].as_slice().unwrap());
+            let ch_efg = ch_field::<F>(
+                e[i + 3].as_slice().unwrap(),
+                e[i + 2].as_slice().unwrap(),
+                e[i + 1].as_slice().unwrap(),
+            );
+            let h = e[i];
+
+            let t1 = [h.to_vec(), sig_e, ch_efg.to_vec()];
+            let t2 = [sig_a, maj_abc];
+            for j in 0..C::WORD_U16S {
+                let t1_limb_sum = t1.iter().fold(F::ZERO, |acc, x| {
+                    acc + compose::<F>(&x[j * 16..(j + 1) * 16], 1)
+                });
+                let t2_limb_sum = t2.iter().fold(F::ZERO, |acc, x| {
+                    acc + compose::<F>(&x[j * 16..(j + 1) * 16], 1)
+                });
+                let d_limb = compose::<F>(&d.as_slice().unwrap()[j * 16..(j + 1) * 16], 1);
+                let cur_a_limb = compose::<F>(&cur_a.as_slice().unwrap()[j * 16..(j + 1) * 16], 1);
+                let cur_e_limb = compose::<F>(&cur_e.as_slice().unwrap()[j * 16..(j + 1) * 16], 1);
+                let sum = d_limb
+                    + t1_limb_sum
+                    + if j == 0 {
+                        F::ZERO
+                    } else {
+                        next_cols.work_vars.carry_e[[i, j - 1]]
+                    }
+                    - cur_e_limb;
+                let carry_e = sum * (F::from_canonical_u32(1 << 16).inverse());
+
+                let sum = t1_limb_sum
+                    + t2_limb_sum
+                    + if j == 0 {
+                        F::ZERO
+                    } else {
+                        next_cols.work_vars.carry_a[[i, j - 1]]
+                    }
+                    - cur_a_limb;
+                let carry_a = sum * (F::from_canonical_u32(1 << 16).inverse());
+                next_cols.work_vars.carry_e[[i, j]] = carry_e;
+                next_cols.work_vars.carry_a[[i, j]] = carry_a;
+            }
+        }
+    }
+
+    /// Puts the correct intermed_4 in the `next_row`
+    fn generate_intermed_4<F: PrimeField32>(
+        local_cols: ShaRoundColsRef<F>,
+        next_cols: &mut ShaRoundColsRefMut<F>,
+    ) {
+        let w = [
+            local_cols
+                .message_schedule
+                .w
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+            next_cols
+                .message_schedule
+                .w
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+        ]
+        .concat();
+        let w_limbs: Vec<Vec<F>> = w
+            .iter()
+            .map(|x| {
+                (0..C::WORD_U16S)
+                    .map(|i| compose::<F>(&x.as_slice().unwrap()[i * 16..(i + 1) * 16], 1))
+                    .collect::<Vec<F>>()
+            })
+            .collect();
+        for i in 0..C::ROUNDS_PER_ROW {
+            let sig_w = small_sig0_field::<F, C>(w[i + 1].as_slice().unwrap());
+            let sig_w_limbs: Vec<F> = (0..C::WORD_U16S)
+                .map(|j| compose::<F>(&sig_w[j * 16..(j + 1) * 16], 1))
+                .collect();
+            for (j, sig_w_limb) in sig_w_limbs.iter().enumerate() {
+                next_cols.schedule_helper.intermed_4[[i, j]] = w_limbs[i][j] + *sig_w_limb;
+            }
+        }
+    }
+
+    /// Puts the needed intermed_12 in the `local_row`
+    fn generate_intermed_12<F: PrimeField32>(
+        local_cols: &mut ShaRoundColsRefMut<F>,
+        next_cols: ShaRoundColsRef<F>,
+    ) {
+        let w = [
+            local_cols
+                .message_schedule
+                .w
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+            next_cols
+                .message_schedule
+                .w
+                .rows()
+                .into_iter()
+                .collect::<Vec<_>>(),
+        ]
+        .concat();
+        let w_limbs: Vec<Vec<F>> = w
+            .iter()
+            .map(|x| {
+                (0..C::WORD_U16S)
+                    .map(|i| compose::<F>(&x.as_slice().unwrap()[i * 16..(i + 1) * 16], 1))
+                    .collect::<Vec<F>>()
+            })
+            .collect();
+        for i in 0..C::ROUNDS_PER_ROW {
+            // sig_1(w_{t-2})
+            let sig_w_2: Vec<F> = (0..C::WORD_U16S)
+                .map(|j| {
+                    compose::<F>(
+                        &small_sig1_field::<F, C>(w[i + 2].as_slice().unwrap())
+                            [j * 16..(j + 1) * 16],
+                        1,
+                    )
+                })
+                .collect();
+            // w_{t-7}
+            let w_7 = if i < 3 {
+                local_cols.schedule_helper.w_3.row(i).to_slice().unwrap()
+            } else {
+                w_limbs[i - 3].as_slice()
+            };
+            // w_t
+            let w_cur = w_limbs[i + 4].as_slice();
+            for j in 0..C::WORD_U16S {
+                let carry = next_cols.message_schedule.carry_or_buffer[[i, j * 2]]
+                    + F::TWO * next_cols.message_schedule.carry_or_buffer[[i, j * 2 + 1]];
+                let sum = sig_w_2[j] + w_7[j] - carry * F::from_canonical_u32(1 << 16) - w_cur[j]
+                    + if j > 0 {
+                        next_cols.message_schedule.carry_or_buffer[[i, j * 2 - 2]]
+                            + F::from_canonical_u32(2)
+                                * next_cols.message_schedule.carry_or_buffer[[i, j * 2 - 1]]
+                    } else {
+                        F::ZERO
+                    };
+                local_cols.schedule_helper.intermed_12[[i, j]] = -sum;
+            }
+        }
+    }
+}
+
+/// `records` consists of pairs of `(input_block, is_last_block)`.
+pub fn generate_trace<F: PrimeField32, C: Sha2Config>(
+    sub_air: &Sha2Air<C>,
+    bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+    records: Vec<(Vec<u8>, bool)>,
+) -> RowMajorMatrix<F> {
+    for (input, _) in &records {
+        debug_assert!(input.len() == C::BLOCK_U8S);
+    }
+
+    let non_padded_height = records.len() * C::ROWS_PER_BLOCK;
+    let height = next_power_of_two_or_zero(non_padded_height);
+    let width = <Sha2Air<C> as BaseAir<F>>::width(sub_air);
+    let mut values = F::zero_vec(height * width);
+
+    struct BlockContext<C: Sha2Config> {
+        prev_hash: Vec<C::Word>, // len is C::HASH_WORDS
+        local_block_idx: u32,
+        global_block_idx: u32,
+        input: Vec<u8>, // len is C::BLOCK_U8S
+        is_last_block: bool,
+    }
+    let mut block_ctx: Vec<BlockContext<C>> = Vec::with_capacity(records.len());
+    let mut prev_hash = C::get_h().to_vec();
+    let mut local_block_idx = 0;
+    let mut global_block_idx = 1;
+    for (input, is_last_block) in records {
+        block_ctx.push(BlockContext {
+            prev_hash: prev_hash.clone(),
+            local_block_idx,
+            global_block_idx,
+            input: input.clone(),
+            is_last_block,
+        });
+        global_block_idx += 1;
+        if is_last_block {
+            local_block_idx = 0;
+            prev_hash = C::get_h().to_vec();
+        } else {
+            local_block_idx += 1;
+            prev_hash = Sha2Air::<C>::get_block_hash(&prev_hash, input);
+        }
+    }
+    // first pass
+    values
+        .par_chunks_exact_mut(width * C::ROWS_PER_BLOCK)
+        .zip(block_ctx)
+        .for_each(|(block, ctx)| {
+            let BlockContext {
+                prev_hash,
+                local_block_idx,
+                global_block_idx,
+                input,
+                is_last_block,
+            } = ctx;
+            let input_words = (0..C::BLOCK_WORDS)
+                .map(|i| {
+                    limbs_into_word::<C>(
+                        &(0..C::WORD_U8S)
+                            .map(|j| input[(i + 1) * C::WORD_U8S - j - 1] as u32)
+                            .collect::<Vec<_>>(),
+                    )
+                })
+                .collect::<Vec<_>>();
+            let empty_buffer = vec![F::ZERO; C::CELLS_PER_ROW];
+            let buffer_vals = vec![empty_buffer.clone(); C::MESSAGE_ROWS];
+            sub_air.generate_block_trace(
+                block,
+                width,
+                0,
+                &input_words,
+                bitwise_lookup_chip.clone(),
+                &prev_hash,
+                is_last_block,
+                global_block_idx,
+                local_block_idx,
+                buffer_vals,
+            );
+        });
+    // second pass: padding rows
+    values[width * non_padded_height..]
+        .par_chunks_mut(width)
+        .for_each(|row| {
+            let cols: ShaRoundColsRefMut<F> = ShaRoundColsRefMut::from::<C>(row);
+            sub_air.generate_default_row(cols);
+        });
+
+    // second pass: non-padding rows
+    values[width..]
+        .par_chunks_mut(width * C::ROWS_PER_BLOCK)
+        .take(non_padded_height / C::ROWS_PER_BLOCK)
+        .for_each(|chunk| {
+            sub_air.generate_missing_cells(chunk, width, 0);
+        });
+    RowMajorMatrix::new(values, width)
+}
diff --git a/crates/circuits/sha2-air/src/utils.rs b/crates/circuits/sha2-air/src/utils.rs
new file mode 100644
index 0000000000..c8e8b8d6c1
--- /dev/null
+++ b/crates/circuits/sha2-air/src/utils.rs
@@ -0,0 +1,282 @@
+pub use openvm_circuit_primitives::utils::compose;
+use openvm_circuit_primitives::{
+    encoder::Encoder,
+    utils::{not, select},
+};
+use openvm_stark_backend::{p3_air::AirBuilder, p3_field::FieldAlgebra};
+use rand::{rngs::StdRng, Rng};
+
+use crate::{RotateRight, Sha2Config};
+
+/// Convert a word into a list of 8-bit limbs in little endian
+pub fn word_into_u8_limbs<C: Sha2Config>(num: impl Into<C::Word>) -> Vec<u32> {
+    word_into_limbs::<C>(num.into(), C::WORD_U8S)
+}
+
+/// Convert a word into a list of 16-bit limbs in little endian
+pub fn word_into_u16_limbs<C: Sha2Config>(num: impl Into<C::Word>) -> Vec<u32> {
+    word_into_limbs::<C>(num.into(), C::WORD_U16S)
+}
+
+/// Convert a word into a list of 1-bit limbs in little endian
+pub fn word_into_bits<C: Sha2Config>(num: impl Into<C::Word>) -> Vec<u32> {
+    word_into_limbs::<C>(num.into(), C::WORD_BITS)
+}
+
+/// Convert a word into a list of limbs in little endian
+pub fn word_into_limbs<C: Sha2Config>(num: C::Word, num_limbs: usize) -> Vec<u32> {
+    let limb_bits = std::mem::size_of::<C::Word>() * 8 / num_limbs;
+    (0..num_limbs)
+        .map(|i| {
+            let shifted = num >> (limb_bits * i);
+            let mask: C::Word = ((1u32 << limb_bits) - 1).into();
+            let masked = shifted & mask;
+            masked.try_into().unwrap()
+        })
+        .collect()
+}
+
+/// Convert a u32 into a list of 1-bit limbs in little endian
+pub fn u32_into_bits<C: Sha2Config>(num: u32) -> Vec<u32> {
+    let limb_bits = 32 / C::WORD_BITS;
+    (0..C::WORD_BITS)
+        .map(|i| (num >> (limb_bits * i)) & ((1 << limb_bits) - 1))
+        .collect()
+}
+
+/// Convert a list of limbs in little endian into a Word
+pub fn limbs_into_word<C: Sha2Config>(limbs: &[u32]) -> C::Word {
+    let limb_bits = C::WORD_BITS / limbs.len();
+    limbs.iter().rev().fold(C::Word::from(0), |acc, &limb| {
+        (acc << limb_bits) | limb.into()
+    })
+}
+
+/// Convert a list of limbs in little endian into a u32
+pub fn limbs_into_u32(limbs: &[u32]) -> u32 {
+    let limb_bits = 32 / limbs.len();
+    limbs
+        .iter()
+        .rev()
+        .fold(0, |acc, &limb| (acc << limb_bits) | limb)
+}
+
+/// Rotates `bits` right by `n` bits, assumes `bits` is in little-endian
+#[inline]
+pub(crate) fn rotr<F: FieldAlgebra + Clone>(bits: &[impl Into<F> + Clone], n: usize) -> Vec<F> {
+    (0..bits.len())
+        .map(|i| bits[(i + n) % bits.len()].clone().into())
+        .collect()
+}
+
+/// Shifts `bits` right by `n` bits, assumes `bits` is in little-endian
+#[inline]
+pub(crate) fn shr<F: FieldAlgebra + Clone>(bits: &[impl Into<F> + Clone], n: usize) -> Vec<F> {
+    (0..bits.len())
+        .map(|i| {
+            if i + n < bits.len() {
+                bits[i + n].clone().into()
+            } else {
+                F::ZERO
+            }
+        })
+        .collect()
+}
+
+/// Computes x ^ y ^ z, where x, y, z are assumed to be boolean
+#[inline]
+pub(crate) fn xor_bit<F: FieldAlgebra + Clone>(
+    x: impl Into<F>,
+    y: impl Into<F>,
+    z: impl Into<F>,
+) -> F {
+    let (x, y, z) = (x.into(), y.into(), z.into());
+    (x.clone() * y.clone() * z.clone())
+        + (x.clone() * not::<F>(y.clone()) * not::<F>(z.clone()))
+        + (not::<F>(x.clone()) * y.clone() * not::<F>(z.clone()))
+        + (not::<F>(x) * not::<F>(y) * z)
+}
+
+/// Computes x ^ y ^ z, where x, y, z are [C::WORD_BITS] bit numbers
+#[inline]
+pub(crate) fn xor<F: FieldAlgebra + Clone>(
+    x: &[impl Into<F> + Clone],
+    y: &[impl Into<F> + Clone],
+    z: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    (0..x.len())
+        .map(|i| xor_bit(x[i].clone(), y[i].clone(), z[i].clone()))
+        .collect()
+}
+
+/// Choose function from the SHA spec
+#[inline]
+pub fn ch<C: Sha2Config>(x: C::Word, y: C::Word, z: C::Word) -> C::Word {
+    (x & y) ^ ((!x) & z)
+}
+
+/// Computes Ch(x,y,z), where x, y, z are [C::WORD_BITS] bit numbers
+#[inline]
+pub(crate) fn ch_field<F: FieldAlgebra>(
+    x: &[impl Into<F> + Clone],
+    y: &[impl Into<F> + Clone],
+    z: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    (0..x.len())
+        .map(|i| select(x[i].clone(), y[i].clone(), z[i].clone()))
+        .collect()
+}
+
+/// Majority function from the SHA spec
+pub fn maj<C: Sha2Config>(x: C::Word, y: C::Word, z: C::Word) -> C::Word {
+    (x & y) ^ (x & z) ^ (y & z)
+}
+
+/// Computes Maj(x,y,z), where x, y, z are [C::WORD_BITS] bit numbers
+#[inline]
+pub(crate) fn maj_field<F: FieldAlgebra + Clone>(
+    x: &[impl Into<F> + Clone],
+    y: &[impl Into<F> + Clone],
+    z: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    (0..x.len())
+        .map(|i| {
+            let (x, y, z) = (
+                x[i].clone().into(),
+                y[i].clone().into(),
+                z[i].clone().into(),
+            );
+            x.clone() * y.clone() + x.clone() * z.clone() + y.clone() * z.clone()
+                - F::TWO * x * y * z
+        })
+        .collect()
+}
+
+/// Big sigma_0 function from the SHA spec
+pub fn big_sig0<C: Sha2Config>(x: C::Word) -> C::Word {
+    if C::WORD_BITS == 32 {
+        x.rotate_right(2) ^ x.rotate_right(13) ^ x.rotate_right(22)
+    } else {
+        x.rotate_right(28) ^ x.rotate_right(34) ^ x.rotate_right(39)
+    }
+}
+
+/// Computes BigSigma0(x), where x is a [C::WORD_BITS] bit number in little-endian
+#[inline]
+pub(crate) fn big_sig0_field<F: FieldAlgebra + Clone, C: Sha2Config>(
+    x: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    if C::WORD_BITS == 32 {
+        xor(&rotr::<F>(x, 2), &rotr::<F>(x, 13), &rotr::<F>(x, 22))
+    } else {
+        xor(&rotr::<F>(x, 28), &rotr::<F>(x, 34), &rotr::<F>(x, 39))
+    }
+}
+
+/// Big sigma_1 function from the SHA spec
+pub fn big_sig1<C: Sha2Config>(x: C::Word) -> C::Word {
+    if C::WORD_BITS == 32 {
+        x.rotate_right(6) ^ x.rotate_right(11) ^ x.rotate_right(25)
+    } else {
+        x.rotate_right(14) ^ x.rotate_right(18) ^ x.rotate_right(41)
+    }
+}
+
+/// Computes BigSigma1(x), where x is a [C::WORD_BITS] bit number in little-endian
+#[inline]
+pub(crate) fn big_sig1_field<F: FieldAlgebra + Clone, C: Sha2Config>(
+    x: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    if C::WORD_BITS == 32 {
+        xor(&rotr::<F>(x, 6), &rotr::<F>(x, 11), &rotr::<F>(x, 25))
+    } else {
+        xor(&rotr::<F>(x, 14), &rotr::<F>(x, 18), &rotr::<F>(x, 41))
+    }
+}
+
+/// Small sigma_0 function from the SHA spec
+pub fn small_sig0<C: Sha2Config>(x: C::Word) -> C::Word {
+    if C::WORD_BITS == 32 {
+        x.rotate_right(7) ^ x.rotate_right(18) ^ (x >> 3)
+    } else {
+        x.rotate_right(1) ^ x.rotate_right(8) ^ (x >> 7)
+    }
+}
+
+/// Computes SmallSigma0(x), where x is a [C::WORD_BITS] bit number in little-endian
+#[inline]
+pub(crate) fn small_sig0_field<F: FieldAlgebra + Clone, C: Sha2Config>(
+    x: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    if C::WORD_BITS == 32 {
+        xor(&rotr::<F>(x, 7), &rotr::<F>(x, 18), &shr::<F>(x, 3))
+    } else {
+        xor(&rotr::<F>(x, 1), &rotr::<F>(x, 8), &shr::<F>(x, 7))
+    }
+}
+
+/// Small sigma_1 function from the SHA spec
+pub fn small_sig1<C: Sha2Config>(x: C::Word) -> C::Word {
+    if C::WORD_BITS == 32 {
+        x.rotate_right(17) ^ x.rotate_right(19) ^ (x >> 10)
+    } else {
+        x.rotate_right(19) ^ x.rotate_right(61) ^ (x >> 6)
+    }
+}
+
+/// Computes SmallSigma1(x), where x is a [C::WORD_BITS] bit number in little-endian
+#[inline]
+pub(crate) fn small_sig1_field<F: FieldAlgebra + Clone, C: Sha2Config>(
+    x: &[impl Into<F> + Clone],
+) -> Vec<F> {
+    if C::WORD_BITS == 32 {
+        xor(&rotr::<F>(x, 17), &rotr::<F>(x, 19), &shr::<F>(x, 10))
+    } else {
+        xor(&rotr::<F>(x, 19), &rotr::<F>(x, 61), &shr::<F>(x, 6))
+    }
+}
+
+/// Generate a random message of a given length
+pub fn get_random_message(rng: &mut StdRng, len: usize) -> Vec<u8> {
+    let mut random_message: Vec<u8> = vec![0u8; len];
+    rng.fill(&mut random_message[..]);
+    random_message
+}
+
+/// Wrapper of `get_flag_pt` to get the flag pointer as an array
+pub fn get_flag_pt_array(encoder: &Encoder, flag_idx: usize) -> Vec<u32> {
+    encoder.get_flag_pt(flag_idx)
+}
+
+/// Constrain the addition of [C::WORD_BITS] bit words in 16-bit limbs
+/// It takes in the terms some in bits some in 16-bit limbs,
+/// the expected sum in bits and the carries
+pub fn constraint_word_addition<AB: AirBuilder, C: Sha2Config>(
+    builder: &mut AB,
+    terms_bits: &[&[impl Into<AB::Expr> + Clone]],
+    terms_limb: &[&[impl Into<AB::Expr> + Clone]],
+    expected_sum: &[impl Into<AB::Expr> + Clone],
+    carries: &[impl Into<AB::Expr> + Clone],
+) {
+    debug_assert!(terms_bits.iter().all(|x| x.len() == C::WORD_BITS));
+    debug_assert!(terms_limb.iter().all(|x| x.len() == C::WORD_U16S));
+    assert_eq!(expected_sum.len(), C::WORD_BITS);
+    assert_eq!(carries.len(), C::WORD_U16S);
+
+    for i in 0..C::WORD_U16S {
+        let mut limb_sum = if i == 0 {
+            AB::Expr::ZERO
+        } else {
+            carries[i - 1].clone().into()
+        };
+        for term in terms_bits {
+            limb_sum += compose::<AB::Expr>(&term[i * 16..(i + 1) * 16], 1);
+        }
+        for term in terms_limb {
+            limb_sum += term[i].clone().into();
+        }
+        let expected_sum_limb = compose::<AB::Expr>(&expected_sum[i * 16..(i + 1) * 16], 1)
+            + carries[i].clone().into() * AB::Expr::from_canonical_u32(1 << 16);
+        builder.assert_eq(limb_sum, expected_sum_limb);
+    }
+}
diff --git a/crates/circuits/sha256-air/src/air.rs b/crates/circuits/sha256-air/src/air.rs
deleted file mode 100644
index e47aa96504..0000000000
--- a/crates/circuits/sha256-air/src/air.rs
+++ /dev/null
@@ -1,592 +0,0 @@
-use std::{array, borrow::Borrow, cmp::max, iter::once};
-
-use openvm_circuit_primitives::{
-    bitwise_op_lookup::BitwiseOperationLookupBus,
-    encoder::Encoder,
-    utils::{not, select},
-    SubAir,
-};
-use openvm_stark_backend::{
-    interaction::{BusIndex, InteractionBuilder, PermutationCheckBus},
-    p3_air::{AirBuilder, BaseAir},
-    p3_field::{Field, FieldAlgebra},
-    p3_matrix::Matrix,
-};
-
-use super::{
-    big_sig0_field, big_sig1_field, ch_field, compose, maj_field, small_sig0_field,
-    small_sig1_field, u32_into_limbs, Sha256DigestCols, Sha256RoundCols, SHA256_DIGEST_WIDTH,
-    SHA256_H, SHA256_HASH_WORDS, SHA256_K, SHA256_ROUNDS_PER_ROW, SHA256_ROUND_WIDTH,
-    SHA256_WORD_BITS, SHA256_WORD_U16S, SHA256_WORD_U8S,
-};
-use crate::constraint_word_addition;
-
-/// Expects the message to be padded to a multiple of 512 bits
-#[derive(Clone, Debug)]
-pub struct Sha256Air {
-    pub bitwise_lookup_bus: BitwiseOperationLookupBus,
-    pub row_idx_encoder: Encoder,
-    /// Internal bus for self-interactions in this AIR.
-    bus: PermutationCheckBus,
-}
-
-impl Sha256Air {
-    pub fn new(bitwise_lookup_bus: BitwiseOperationLookupBus, self_bus_idx: BusIndex) -> Self {
-        Self {
-            bitwise_lookup_bus,
-            row_idx_encoder: Encoder::new(18, 2, false),
-            bus: PermutationCheckBus::new(self_bus_idx),
-        }
-    }
-}
-
-impl<F> BaseAir<F> for Sha256Air {
-    fn width(&self) -> usize {
-        max(
-            Sha256RoundCols::<F>::width(),
-            Sha256DigestCols::<F>::width(),
-        )
-    }
-}
-
-impl<AB: InteractionBuilder> SubAir<AB> for Sha256Air {
-    /// The start column for the sub-air to use
-    type AirContext<'a>
-        = usize
-    where
-        Self: 'a,
-        AB: 'a,
-        <AB as AirBuilder>::Var: 'a,
-        <AB as AirBuilder>::Expr: 'a;
-
-    fn eval<'a>(&'a self, builder: &'a mut AB, start_col: Self::AirContext<'a>)
-    where
-        <AB as AirBuilder>::Var: 'a,
-        <AB as AirBuilder>::Expr: 'a,
-    {
-        self.eval_row(builder, start_col);
-        self.eval_transitions(builder, start_col);
-    }
-}
-
-impl Sha256Air {
-    /// Implements the single row constraints (i.e. imposes constraints only on local)
-    /// Implements some sanity constraints on the row index, flags, and work variables
-    fn eval_row<AB: InteractionBuilder>(&self, builder: &mut AB, start_col: usize) {
-        let main = builder.main();
-        let local = main.row_slice(0);
-
-        // Doesn't matter which column struct we use here as we are only interested in the common columns
-        let local_cols: &Sha256DigestCols<AB::Var> =
-            local[start_col..start_col + SHA256_DIGEST_WIDTH].borrow();
-        let flags = &local_cols.flags;
-        builder.assert_bool(flags.is_round_row);
-        builder.assert_bool(flags.is_first_4_rows);
-        builder.assert_bool(flags.is_digest_row);
-        builder.assert_bool(flags.is_round_row + flags.is_digest_row);
-        builder.assert_bool(flags.is_last_block);
-
-        self.row_idx_encoder
-            .eval(builder, &local_cols.flags.row_idx);
-        builder.assert_one(
-            self.row_idx_encoder
-                .contains_flag_range::<AB>(&local_cols.flags.row_idx, 0..=17),
-        );
-        builder.assert_eq(
-            self.row_idx_encoder
-                .contains_flag_range::<AB>(&local_cols.flags.row_idx, 0..=3),
-            flags.is_first_4_rows,
-        );
-        builder.assert_eq(
-            self.row_idx_encoder
-                .contains_flag_range::<AB>(&local_cols.flags.row_idx, 0..=15),
-            flags.is_round_row,
-        );
-        builder.assert_eq(
-            self.row_idx_encoder
-                .contains_flag::<AB>(&local_cols.flags.row_idx, &[16]),
-            flags.is_digest_row,
-        );
-        // If padding row we want the row_idx to be 17
-        builder.assert_eq(
-            self.row_idx_encoder
-                .contains_flag::<AB>(&local_cols.flags.row_idx, &[17]),
-            flags.is_padding_row(),
-        );
-
-        // Constrain a, e, being composed of bits: we make sure a and e are always in the same place in the trace matrix
-        // Note: this has to be true for every row, even padding rows
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            for j in 0..SHA256_WORD_BITS {
-                builder.assert_bool(local_cols.hash.a[i][j]);
-                builder.assert_bool(local_cols.hash.e[i][j]);
-            }
-        }
-    }
-
-    /// Implements constraints for a digest row that ensure proper state transitions between blocks
-    /// This validates that:
-    /// The work variables are correctly initialized for the next message block
-    /// For the last message block, the initial state matches SHA256_H constants
-    fn eval_digest_row<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256RoundCols<AB::Var>,
-        next: &Sha256DigestCols<AB::Var>,
-    ) {
-        // Check that if this is the last row of a message or an inpadding row, the hash should be the [SHA256_H]
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            let a = next.hash.a[i].map(|x| x.into());
-            let e = next.hash.e[i].map(|x| x.into());
-            for j in 0..SHA256_WORD_U16S {
-                let a_limb = compose::<AB::Expr>(&a[j * 16..(j + 1) * 16], 1);
-                let e_limb = compose::<AB::Expr>(&e[j * 16..(j + 1) * 16], 1);
-
-                // If it is a padding row or the last row of a message, the `hash` should be the [SHA256_H]
-                builder
-                    .when(
-                        next.flags.is_padding_row()
-                            + next.flags.is_last_block * next.flags.is_digest_row,
-                    )
-                    .assert_eq(
-                        a_limb,
-                        AB::Expr::from_canonical_u32(
-                            u32_into_limbs::<2>(SHA256_H[SHA256_ROUNDS_PER_ROW - i - 1])[j],
-                        ),
-                    );
-
-                builder
-                    .when(
-                        next.flags.is_padding_row()
-                            + next.flags.is_last_block * next.flags.is_digest_row,
-                    )
-                    .assert_eq(
-                        e_limb,
-                        AB::Expr::from_canonical_u32(
-                            u32_into_limbs::<2>(SHA256_H[SHA256_ROUNDS_PER_ROW - i + 3])[j],
-                        ),
-                    );
-            }
-        }
-
-        // Check if last row of a non-last block, the `hash` should be equal to the final hash of the current block
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            let prev_a = next.hash.a[i].map(|x| x.into());
-            let prev_e = next.hash.e[i].map(|x| x.into());
-            let cur_a = next.final_hash[SHA256_ROUNDS_PER_ROW - i - 1].map(|x| x.into());
-
-            let cur_e = next.final_hash[SHA256_ROUNDS_PER_ROW - i + 3].map(|x| x.into());
-            for j in 0..SHA256_WORD_U8S {
-                let prev_a_limb = compose::<AB::Expr>(&prev_a[j * 8..(j + 1) * 8], 1);
-                let prev_e_limb = compose::<AB::Expr>(&prev_e[j * 8..(j + 1) * 8], 1);
-
-                builder
-                    .when(not(next.flags.is_last_block) * next.flags.is_digest_row)
-                    .assert_eq(prev_a_limb, cur_a[j].clone());
-
-                builder
-                    .when(not(next.flags.is_last_block) * next.flags.is_digest_row)
-                    .assert_eq(prev_e_limb, cur_e[j].clone());
-            }
-        }
-
-        // Assert that the previous hash + work vars == final hash.
-        // That is, `next.prev_hash[i] + local.work_vars[i] == next.final_hash[i]`
-        // where addition is done modulo 2^32
-        for i in 0..SHA256_HASH_WORDS {
-            let mut carry = AB::Expr::ZERO;
-            for j in 0..SHA256_WORD_U16S {
-                let work_var_limb = if i < SHA256_ROUNDS_PER_ROW {
-                    compose::<AB::Expr>(
-                        &local.work_vars.a[SHA256_ROUNDS_PER_ROW - 1 - i][j * 16..(j + 1) * 16],
-                        1,
-                    )
-                } else {
-                    compose::<AB::Expr>(
-                        &local.work_vars.e[SHA256_ROUNDS_PER_ROW + 3 - i][j * 16..(j + 1) * 16],
-                        1,
-                    )
-                };
-                let final_hash_limb =
-                    compose::<AB::Expr>(&next.final_hash[i][j * 2..(j + 1) * 2], 8);
-
-                carry = AB::Expr::from(AB::F::from_canonical_u32(1 << 16).inverse())
-                    * (next.prev_hash[i][j] + work_var_limb + carry - final_hash_limb);
-                builder
-                    .when(next.flags.is_digest_row)
-                    .assert_bool(carry.clone());
-            }
-            // constrain the final hash limbs two at a time since we can do two checks per interaction
-            for chunk in next.final_hash[i].chunks(2) {
-                self.bitwise_lookup_bus
-                    .send_range(chunk[0], chunk[1])
-                    .eval(builder, next.flags.is_digest_row);
-            }
-        }
-    }
-
-    fn eval_transitions<AB: InteractionBuilder>(&self, builder: &mut AB, start_col: usize) {
-        let main = builder.main();
-        let local = main.row_slice(0);
-        let next = main.row_slice(1);
-
-        // Doesn't matter what column structs we use here
-        let local_cols: &Sha256RoundCols<AB::Var> =
-            local[start_col..start_col + SHA256_ROUND_WIDTH].borrow();
-        let next_cols: &Sha256RoundCols<AB::Var> =
-            next[start_col..start_col + SHA256_ROUND_WIDTH].borrow();
-
-        let local_is_padding_row = local_cols.flags.is_padding_row();
-        // Note that there will always be a padding row in the trace since the unpadded height is a multiple of 17.
-        // So the next row is padding iff the current block is the last block in the trace.
-        let next_is_padding_row = next_cols.flags.is_padding_row();
-
-        // We check that the very last block has `is_last_block` set to true, which guarantees that
-        // there is at least one complete message. If other digest rows have `is_last_block` set to true,
-        // then the trace will be interpreted as containing multiple messages.
-        builder
-            .when(next_is_padding_row.clone())
-            .when(local_cols.flags.is_digest_row)
-            .assert_one(local_cols.flags.is_last_block);
-        // If we are in a round row, the next row cannot be a padding row
-        builder
-            .when(local_cols.flags.is_round_row)
-            .assert_zero(next_is_padding_row.clone());
-        // The first row must be a round row
-        builder
-            .when_first_row()
-            .assert_one(local_cols.flags.is_round_row);
-        // If we are in a padding row, the next row must also be a padding row
-        builder
-            .when_transition()
-            .when(local_is_padding_row.clone())
-            .assert_one(next_is_padding_row.clone());
-        // If we are in a digest row, the next row cannot be a digest row
-        builder
-            .when(local_cols.flags.is_digest_row)
-            .assert_zero(next_cols.flags.is_digest_row);
-        // Constrain how much the row index changes by
-        // round->round: 1
-        // round->digest: 1
-        // digest->round: -16
-        // digest->padding: 1
-        // padding->padding: 0
-        // Other transitions are not allowed by the above constraints
-        let delta = local_cols.flags.is_round_row * AB::Expr::ONE
-            + local_cols.flags.is_digest_row
-                * next_cols.flags.is_round_row
-                * AB::Expr::from_canonical_u32(16)
-                * AB::Expr::NEG_ONE
-            + local_cols.flags.is_digest_row * next_is_padding_row.clone() * AB::Expr::ONE;
-
-        let local_row_idx = self.row_idx_encoder.flag_with_val::<AB>(
-            &local_cols.flags.row_idx,
-            &(0..18).map(|i| (i, i)).collect::<Vec<_>>(),
-        );
-        let next_row_idx = self.row_idx_encoder.flag_with_val::<AB>(
-            &next_cols.flags.row_idx,
-            &(0..18).map(|i| (i, i)).collect::<Vec<_>>(),
-        );
-
-        builder
-            .when_transition()
-            .assert_eq(local_row_idx.clone() + delta, next_row_idx.clone());
-        builder.when_first_row().assert_zero(local_row_idx);
-
-        // Constrain the global block index
-        // We set the global block index to 0 for padding rows
-        // Starting with 1 so it is not the same as the padding rows
-
-        // Global block index is 1 on first row
-        builder
-            .when_first_row()
-            .assert_one(local_cols.flags.global_block_idx);
-
-        // Global block index is constant on all rows in a block
-        builder.when(local_cols.flags.is_round_row).assert_eq(
-            local_cols.flags.global_block_idx,
-            next_cols.flags.global_block_idx,
-        );
-        // Global block index increases by 1 between blocks
-        builder
-            .when_transition()
-            .when(local_cols.flags.is_digest_row)
-            .when(next_cols.flags.is_round_row)
-            .assert_eq(
-                local_cols.flags.global_block_idx + AB::Expr::ONE,
-                next_cols.flags.global_block_idx,
-            );
-        // Global block index is 0 on padding rows
-        builder
-            .when(local_is_padding_row.clone())
-            .assert_zero(local_cols.flags.global_block_idx);
-
-        // Constrain the local block index
-        // We set the local block index to 0 for padding rows
-
-        // Local block index is constant on all rows in a block
-        // and its value on padding rows is equal to its value on the first block
-        builder.when(not(local_cols.flags.is_digest_row)).assert_eq(
-            local_cols.flags.local_block_idx,
-            next_cols.flags.local_block_idx,
-        );
-        // Local block index increases by 1 between blocks in the same message
-        builder
-            .when(local_cols.flags.is_digest_row)
-            .when(not(local_cols.flags.is_last_block))
-            .assert_eq(
-                local_cols.flags.local_block_idx + AB::Expr::ONE,
-                next_cols.flags.local_block_idx,
-            );
-        // Local block index is 0 on padding rows
-        // Combined with the above, this means that the local block index is 0 in the first block
-        builder
-            .when(local_cols.flags.is_digest_row)
-            .when(local_cols.flags.is_last_block)
-            .assert_zero(next_cols.flags.local_block_idx);
-
-        self.eval_message_schedule::<AB>(builder, local_cols, next_cols);
-        self.eval_work_vars::<AB>(builder, local_cols, next_cols);
-        let next_cols: &Sha256DigestCols<AB::Var> =
-            next[start_col..start_col + SHA256_DIGEST_WIDTH].borrow();
-        self.eval_digest_row(builder, local_cols, next_cols);
-        let local_cols: &Sha256DigestCols<AB::Var> =
-            local[start_col..start_col + SHA256_DIGEST_WIDTH].borrow();
-        self.eval_prev_hash::<AB>(builder, local_cols, next_is_padding_row);
-    }
-
-    /// Constrains that the next block's `prev_hash` is equal to the current block's `hash`
-    /// Note: the constraining is done by interactions with the chip itself on every digest row
-    fn eval_prev_hash<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256DigestCols<AB::Var>,
-        is_last_block_of_trace: AB::Expr, // note this indicates the last block of the trace, not the last block of the message
-    ) {
-        // Constrain that next block's `prev_hash` is equal to the current block's `hash`
-        let composed_hash: [[<AB as AirBuilder>::Expr; SHA256_WORD_U16S]; SHA256_HASH_WORDS] =
-            array::from_fn(|i| {
-                let hash_bits = if i < SHA256_ROUNDS_PER_ROW {
-                    local.hash.a[SHA256_ROUNDS_PER_ROW - 1 - i].map(|x| x.into())
-                } else {
-                    local.hash.e[SHA256_ROUNDS_PER_ROW + 3 - i].map(|x| x.into())
-                };
-                array::from_fn(|j| compose::<AB::Expr>(&hash_bits[j * 16..(j + 1) * 16], 1))
-            });
-        // Need to handle the case if this is the very last block of the trace matrix
-        let next_global_block_idx = select(
-            is_last_block_of_trace,
-            AB::Expr::ONE,
-            local.flags.global_block_idx + AB::Expr::ONE,
-        );
-        // The following interactions constrain certain values from block to block
-        self.bus.send(
-            builder,
-            composed_hash
-                .into_iter()
-                .flatten()
-                .chain(once(next_global_block_idx)),
-            local.flags.is_digest_row,
-        );
-
-        self.bus.receive(
-            builder,
-            local
-                .prev_hash
-                .into_iter()
-                .flatten()
-                .map(|x| x.into())
-                .chain(once(local.flags.global_block_idx.into())),
-            local.flags.is_digest_row,
-        );
-    }
-
-    /// Constrain the message schedule additions for `next` row
-    /// Note: For every addition we need to constrain the following for each of [SHA256_WORD_U16S] limbs
-    /// sig_1(w_{t-2})[i] + w_{t-7}[i] + sig_0(w_{t-15})[i] + w_{t-16}[i] + carry_w[t][i-1] - carry_w[t][i] * 2^16 - w_t[i] == 0
-    /// Refer to [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf]
-    fn eval_message_schedule<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256RoundCols<AB::Var>,
-        next: &Sha256RoundCols<AB::Var>,
-    ) {
-        // This `w` array contains 8 message schedule words - w_{idx}, ..., w_{idx+7} for some idx
-        let w = [local.message_schedule.w, next.message_schedule.w].concat();
-
-        // Constrain `w_3` for `next` row
-        for i in 0..SHA256_ROUNDS_PER_ROW - 1 {
-            // here we constrain the w_3 of the i_th word of the next row
-            // w_3 of next is w[i+4-3] = w[i+1]
-            let w_3 = w[i + 1].map(|x| x.into());
-            let expected_w_3 = next.schedule_helper.w_3[i];
-            for j in 0..SHA256_WORD_U16S {
-                let w_3_limb = compose::<AB::Expr>(&w_3[j * 16..(j + 1) * 16], 1);
-                builder
-                    .when(local.flags.is_round_row)
-                    .assert_eq(w_3_limb, expected_w_3[j].into());
-            }
-        }
-
-        // Constrain intermed for `next` row
-        // We will only constrain intermed_12 for rows [3, 14], and let it be unconstrained for other rows
-        // Other rows should put the needed value in intermed_12 to make the below summation constraint hold
-        let is_row_3_14 = self
-            .row_idx_encoder
-            .contains_flag_range::<AB>(&next.flags.row_idx, 3..=14);
-        // We will only constrain intermed_8 for rows [2, 13], and let it unconstrained for other rows
-        let is_row_2_13 = self
-            .row_idx_encoder
-            .contains_flag_range::<AB>(&next.flags.row_idx, 2..=13);
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            // w_idx
-            let w_idx = w[i].map(|x| x.into());
-            // sig_0(w_{idx+1})
-            let sig_w = small_sig0_field::<AB::Expr>(&w[i + 1]);
-            for j in 0..SHA256_WORD_U16S {
-                let w_idx_limb = compose::<AB::Expr>(&w_idx[j * 16..(j + 1) * 16], 1);
-                let sig_w_limb = compose::<AB::Expr>(&sig_w[j * 16..(j + 1) * 16], 1);
-
-                // We would like to constrain this only on rows 0..16, but we can't do a conditional check because the degree is already 3.
-                // So we must fill in `intermed_4` with dummy values on rows 0 and 16 to ensure the constraint holds on these rows.
-                builder.when_transition().assert_eq(
-                    next.schedule_helper.intermed_4[i][j],
-                    w_idx_limb + sig_w_limb,
-                );
-
-                builder.when(is_row_2_13.clone()).assert_eq(
-                    next.schedule_helper.intermed_8[i][j],
-                    local.schedule_helper.intermed_4[i][j],
-                );
-
-                builder.when(is_row_3_14.clone()).assert_eq(
-                    next.schedule_helper.intermed_12[i][j],
-                    local.schedule_helper.intermed_8[i][j],
-                );
-            }
-        }
-
-        // Constrain the message schedule additions for `next` row
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            // Note, here by w_{t} we mean the i_th word of the `next` row
-            // w_{t-7}
-            let w_7 = if i < 3 {
-                local.schedule_helper.w_3[i].map(|x| x.into())
-            } else {
-                let w_3 = w[i - 3].map(|x| x.into());
-                array::from_fn(|j| compose::<AB::Expr>(&w_3[j * 16..(j + 1) * 16], 1))
-            };
-            // sig_0(w_{t-15}) + w_{t-16}
-            let intermed_16 = local.schedule_helper.intermed_12[i].map(|x| x.into());
-
-            let carries = array::from_fn(|j| {
-                next.message_schedule.carry_or_buffer[i][j * 2]
-                    + AB::Expr::TWO * next.message_schedule.carry_or_buffer[i][j * 2 + 1]
-            });
-
-            // Constrain `W_{idx} = sig_1(W_{idx-2}) + W_{idx-7} + sig_0(W_{idx-15}) + W_{idx-16}`
-            // We would like to constrain this only on rows 4..16, but we can't do a conditional check because the degree of sum is already 3
-            // So we must fill in `intermed_12` with dummy values on rows 0..3 and 15 and 16 to ensure the constraint holds on rows
-            // 0..4 and 16. Note that the dummy value goes in the previous row to make the current row's constraint hold.
-            constraint_word_addition(
-                // Note: here we can't do a conditional check because the degree of sum is already 3
-                &mut builder.when_transition(),
-                &[&small_sig1_field::<AB::Expr>(&w[i + 2])],
-                &[&w_7, &intermed_16],
-                &w[i + 4],
-                &carries,
-            );
-
-            for j in 0..SHA256_WORD_U16S {
-                // When on rows 4..16 message schedule carries should be 0 or 1
-                let is_row_4_15 = next.flags.is_round_row - next.flags.is_first_4_rows;
-                builder
-                    .when(is_row_4_15.clone())
-                    .assert_bool(next.message_schedule.carry_or_buffer[i][j * 2]);
-                builder
-                    .when(is_row_4_15)
-                    .assert_bool(next.message_schedule.carry_or_buffer[i][j * 2 + 1]);
-            }
-            // Constrain w being composed of bits
-            for j in 0..SHA256_WORD_BITS {
-                builder
-                    .when(next.flags.is_round_row)
-                    .assert_bool(next.message_schedule.w[i][j]);
-            }
-        }
-    }
-
-    /// Constrain the work vars on `next` row according to the sha256 documentation
-    /// Refer to [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf]
-    fn eval_work_vars<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256RoundCols<AB::Var>,
-        next: &Sha256RoundCols<AB::Var>,
-    ) {
-        let a = [local.work_vars.a, next.work_vars.a].concat();
-        let e = [local.work_vars.e, next.work_vars.e].concat();
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            for j in 0..SHA256_WORD_U16S {
-                // Although we need carry_a <= 6 and carry_e <= 5, constraining carry_a, carry_e in [0, 2^8) is enough
-                // to prevent overflow and ensure the soundness of the addition we want to check
-                self.bitwise_lookup_bus
-                    .send_range(local.work_vars.carry_a[i][j], local.work_vars.carry_e[i][j])
-                    .eval(builder, local.flags.is_round_row);
-            }
-
-            let w_limbs = array::from_fn(|j| {
-                compose::<AB::Expr>(&next.message_schedule.w[i][j * 16..(j + 1) * 16], 1)
-                    * next.flags.is_round_row
-            });
-            let k_limbs = array::from_fn(|j| {
-                self.row_idx_encoder.flag_with_val::<AB>(
-                    &next.flags.row_idx,
-                    &(0..16)
-                        .map(|rw_idx| {
-                            (
-                                rw_idx,
-                                u32_into_limbs::<SHA256_WORD_U16S>(
-                                    SHA256_K[rw_idx * SHA256_ROUNDS_PER_ROW + i],
-                                )[j] as usize,
-                            )
-                        })
-                        .collect::<Vec<_>>(),
-                )
-            });
-
-            // Constrain `a = h + sig_1(e) + ch(e, f, g) + K + W + sig_0(a) + Maj(a, b, c)`
-            // We have to enforce this constraint on all rows since the degree of the constraint is already 3.
-            // So, we must fill in `carry_a` with dummy values on digest rows to ensure the constraint holds.
-            constraint_word_addition(
-                builder,
-                &[
-                    &e[i].map(|x| x.into()),                                 // previous `h`
-                    &big_sig1_field::<AB::Expr>(&e[i + 3]), // sig_1 of previous `e`
-                    &ch_field::<AB::Expr>(&e[i + 3], &e[i + 2], &e[i + 1]), // Ch of previous `e`, `f`, `g`
-                    &big_sig0_field::<AB::Expr>(&a[i + 3]),                 // sig_0 of previous `a`
-                    &maj_field::<AB::Expr>(&a[i + 3], &a[i + 2], &a[i + 1]), // Maj of previous a, b, c
-                ],
-                &[&w_limbs, &k_limbs],      // K and W
-                &a[i + 4],                  // new `a`
-                &next.work_vars.carry_a[i], // carries of addition
-            );
-
-            // Constrain `e = d + h + sig_1(e) + ch(e, f, g) + K + W`
-            // We have to enforce this constraint on all rows since the degree of the constraint is already 3.
-            // So, we must fill in `carry_e` with dummy values on digest rows to ensure the constraint holds.
-            constraint_word_addition(
-                builder,
-                &[
-                    &a[i].map(|x| x.into()),                                // previous `d`
-                    &e[i].map(|x| x.into()),                                // previous `h`
-                    &big_sig1_field::<AB::Expr>(&e[i + 3]),                 // sig_1 of previous `e`
-                    &ch_field::<AB::Expr>(&e[i + 3], &e[i + 2], &e[i + 1]), // Ch of previous `e`, `f`, `g`
-                ],
-                &[&w_limbs, &k_limbs],      // K and W
-                &e[i + 4],                  // new `e`
-                &next.work_vars.carry_e[i], // carries of addition
-            );
-        }
-    }
-}
diff --git a/crates/circuits/sha256-air/src/columns.rs b/crates/circuits/sha256-air/src/columns.rs
deleted file mode 100644
index 173aca0943..0000000000
--- a/crates/circuits/sha256-air/src/columns.rs
+++ /dev/null
@@ -1,134 +0,0 @@
-//! WARNING: the order of fields in the structs is important, do not change it
-
-use openvm_circuit_primitives::{utils::not, AlignedBorrow};
-use openvm_stark_backend::p3_field::FieldAlgebra;
-
-use super::{
-    SHA256_HASH_WORDS, SHA256_ROUNDS_PER_ROW, SHA256_ROW_VAR_CNT, SHA256_WORD_BITS,
-    SHA256_WORD_U16S, SHA256_WORD_U8S,
-};
-
-/// In each SHA256 block:
-/// - First 16 rows use Sha256RoundCols
-/// - Final row uses Sha256DigestCols
-///
-/// Note that for soundness, we require that there is always a padding row after the last digest row in the trace.
-/// Right now, this is true because the unpadded height is a multiple of 17, and thus not a power of 2.
-///
-/// Sha256RoundCols and Sha256DigestCols share the same first 3 fields:
-/// - flags
-/// - work_vars/hash (same type, different name)
-/// - schedule_helper
-///
-/// This design allows for:
-/// 1. Common constraints to work on either struct type by accessing these shared fields
-/// 2. Specific constraints to use the appropriate struct, with flags helping to do conditional constraints
-///
-/// Note that the `Sha256WorkVarsCols` field it is used for different purposes in the two structs.
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256RoundCols<T> {
-    pub flags: Sha256FlagsCols<T>,
-    /// Stores the current state of the working variables
-    pub work_vars: Sha256WorkVarsCols<T>,
-    pub schedule_helper: Sha256MessageHelperCols<T>,
-    pub message_schedule: Sha256MessageScheduleCols<T>,
-}
-
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256DigestCols<T> {
-    pub flags: Sha256FlagsCols<T>,
-    /// Will serve as previous hash values for the next block.
-    ///     - on non-last blocks, this is the final hash of the current block
-    ///     - on last blocks, this is the initial state constants, SHA256_H.
-    /// The work variables constraints are applied on all rows, so `carry_a` and `carry_e`
-    /// must be filled in with dummy values to ensure these constraints hold.
-    pub hash: Sha256WorkVarsCols<T>,
-    pub schedule_helper: Sha256MessageHelperCols<T>,
-    /// The actual final hash values of the given block
-    /// Note: the above `hash` will be equal to `final_hash` unless we are on the last block
-    pub final_hash: [[T; SHA256_WORD_U8S]; SHA256_HASH_WORDS],
-    /// The final hash of the previous block
-    /// Note: will be constrained using interactions with the chip itself
-    pub prev_hash: [[T; SHA256_WORD_U16S]; SHA256_HASH_WORDS],
-}
-
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256MessageScheduleCols<T> {
-    /// The message schedule words as 32-bit integers
-    /// The first 16 words will be the message data
-    pub w: [[T; SHA256_WORD_BITS]; SHA256_ROUNDS_PER_ROW],
-    /// Will be message schedule carries for rows 4..16 and a buffer for rows 0..4 to be used freely by wrapper chips
-    /// Note: carries are 2 bit numbers represented using 2 cells as individual bits
-    pub carry_or_buffer: [[T; SHA256_WORD_U8S]; SHA256_ROUNDS_PER_ROW],
-}
-
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256WorkVarsCols<T> {
-    /// `a` and `e` after each iteration as 32-bits
-    pub a: [[T; SHA256_WORD_BITS]; SHA256_ROUNDS_PER_ROW],
-    pub e: [[T; SHA256_WORD_BITS]; SHA256_ROUNDS_PER_ROW],
-    /// The carry's used for addition during each iteration when computing `a` and `e`
-    pub carry_a: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW],
-    pub carry_e: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW],
-}
-
-/// These are the columns that are used to help with the message schedule additions
-/// Note: these need to be correctly assigned for every row even on padding rows
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256MessageHelperCols<T> {
-    /// The following are used to move data forward to constrain the message schedule additions
-    /// The value of `w` (message schedule word) from 3 rounds ago
-    /// In general, `w_i` means `w` from `i` rounds ago
-    pub w_3: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW - 1],
-    /// Here intermediate(i) =  w_i + sig_0(w_{i+1})
-    /// Intermed_t represents the intermediate t rounds ago
-    /// This is needed to constrain the message schedule, since we can only constrain on two rows at a time
-    pub intermed_4: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW],
-    pub intermed_8: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW],
-    pub intermed_12: [[T; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW],
-}
-
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256FlagsCols<T> {
-    /// A flag that indicates if the current row is among the first 16 rows of a block.
-    pub is_round_row: T,
-    /// A flag that indicates if the current row is among the first 4 rows of a block.
-    pub is_first_4_rows: T,
-    /// A flag that indicates if the current row is the last (17th) row of a block.
-    pub is_digest_row: T,
-    // A flag that indicates if the current row is the last block of the message.
-    // This flag is only used in digest rows.
-    pub is_last_block: T,
-    /// We will encode the row index [0..17) using 5 cells
-    pub row_idx: [T; SHA256_ROW_VAR_CNT],
-    /// The index of the current block in the trace starting at 1.
-    /// Set to 0 on padding rows.
-    pub global_block_idx: T,
-    /// The index of the current block in the current message starting at 0.
-    /// Resets after every message.
-    /// Set to 0 on padding rows.
-    pub local_block_idx: T,
-}
-
-impl<O, T: Copy + core::ops::Add<Output = O>> Sha256FlagsCols<T> {
-    // This refers to the padding rows that are added to the air to make the trace length a power of 2.
-    // Not to be confused with the padding added to messages as part of the SHA hash function.
-    pub fn is_not_padding_row(&self) -> O {
-        self.is_round_row + self.is_digest_row
-    }
-
-    // This refers to the padding rows that are added to the air to make the trace length a power of 2.
-    // Not to be confused with the padding added to messages as part of the SHA hash function.
-    pub fn is_padding_row(&self) -> O
-    where
-        O: FieldAlgebra,
-    {
-        not(self.is_not_padding_row())
-    }
-}
diff --git a/crates/circuits/sha256-air/src/tests.rs b/crates/circuits/sha256-air/src/tests.rs
deleted file mode 100644
index 903b7b0695..0000000000
--- a/crates/circuits/sha256-air/src/tests.rs
+++ /dev/null
@@ -1,233 +0,0 @@
-use std::{array, borrow::BorrowMut, cmp::max, sync::Arc};
-
-use openvm_circuit::arch::{
-    instructions::riscv::RV32_CELL_BITS,
-    testing::{VmChipTestBuilder, BITWISE_OP_LOOKUP_BUS},
-};
-use openvm_circuit_primitives::{
-    bitwise_op_lookup::{BitwiseOperationLookupBus, SharedBitwiseOperationLookupChip},
-    SubAir,
-};
-use openvm_stark_backend::{
-    config::{StarkGenericConfig, Val},
-    interaction::{BusIndex, InteractionBuilder},
-    p3_air::{Air, BaseAir},
-    p3_field::{Field, FieldAlgebra, PrimeField32},
-    p3_maybe_rayon::prelude::{IndexedParallelIterator, ParallelIterator, ParallelSliceMut},
-    prover::types::AirProofInput,
-    rap::{get_air_name, BaseAirWithPublicValues, PartitionedBaseAir},
-    AirRef, Chip, ChipUsageGetter,
-};
-use openvm_stark_sdk::utils::create_seeded_rng;
-use rand::Rng;
-
-use crate::{
-    compose, small_sig0_field, Sha256Air, Sha256RoundCols, SHA256_BLOCK_U8S, SHA256_DIGEST_WIDTH,
-    SHA256_HASH_WORDS, SHA256_ROUNDS_PER_ROW, SHA256_ROUND_WIDTH, SHA256_ROWS_PER_BLOCK,
-    SHA256_WORD_U16S, SHA256_WORD_U8S,
-};
-
-// A wrapper AIR purely for testing purposes
-#[derive(Clone, Debug)]
-pub struct Sha256TestAir {
-    pub sub_air: Sha256Air,
-}
-
-impl<F: Field> BaseAirWithPublicValues<F> for Sha256TestAir {}
-impl<F: Field> PartitionedBaseAir<F> for Sha256TestAir {}
-impl<F: Field> BaseAir<F> for Sha256TestAir {
-    fn width(&self) -> usize {
-        <Sha256Air as BaseAir<F>>::width(&self.sub_air)
-    }
-}
-
-impl<AB: InteractionBuilder> Air<AB> for Sha256TestAir {
-    fn eval(&self, builder: &mut AB) {
-        self.sub_air.eval(builder, 0);
-    }
-}
-
-// A wrapper Chip purely for testing purposes
-pub struct Sha256TestChip {
-    pub air: Sha256TestAir,
-    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-    pub records: Vec<([u8; SHA256_BLOCK_U8S], bool)>,
-}
-
-impl<SC: StarkGenericConfig> Chip<SC> for Sha256TestChip
-where
-    Val<SC>: PrimeField32,
-{
-    fn air(&self) -> AirRef<SC> {
-        Arc::new(self.air.clone())
-    }
-
-    fn generate_air_proof_input(self) -> AirProofInput<SC> {
-        let trace = crate::generate_trace::<Val<SC>>(
-            &self.air.sub_air,
-            self.bitwise_lookup_chip.clone(),
-            self.records,
-        );
-        AirProofInput::simple_no_pis(trace)
-    }
-}
-
-impl ChipUsageGetter for Sha256TestChip {
-    fn air_name(&self) -> String {
-        get_air_name(&self.air)
-    }
-    fn current_trace_height(&self) -> usize {
-        self.records.len() * SHA256_ROWS_PER_BLOCK
-    }
-
-    fn trace_width(&self) -> usize {
-        max(SHA256_ROUND_WIDTH, SHA256_DIGEST_WIDTH)
-    }
-}
-
-const SELF_BUS_IDX: BusIndex = 28;
-#[test]
-fn rand_sha256_test() {
-    let mut rng = create_seeded_rng();
-    let tester = VmChipTestBuilder::default();
-    let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
-    let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
-    let len = rng.gen_range(1..100);
-    let random_records: Vec<_> = (0..len)
-        .map(|i| {
-            (
-                array::from_fn(|_| rng.gen::<u8>()),
-                rng.gen::<bool>() || i == len - 1,
-            )
-        })
-        .collect();
-    let chip = Sha256TestChip {
-        air: Sha256TestAir {
-            sub_air: Sha256Air::new(bitwise_bus, SELF_BUS_IDX),
-        },
-        bitwise_lookup_chip: bitwise_chip.clone(),
-        records: random_records,
-    };
-
-    let tester = tester.build().load(chip).load(bitwise_chip).finalize();
-    tester.simple_test().expect("Verification failed");
-}
-
-// A wrapper Chip to test that the final_hash is properly constrained.
-// This chip implements a malicious trace gen that violates the final_hash constraints.
-pub struct Sha256TestBadFinalHashChip {
-    pub air: Sha256TestAir,
-    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-    pub records: Vec<([u8; SHA256_BLOCK_U8S], bool)>,
-}
-
-impl<SC: StarkGenericConfig> Chip<SC> for Sha256TestBadFinalHashChip
-where
-    Val<SC>: PrimeField32,
-{
-    fn air(&self) -> AirRef<SC> {
-        Arc::new(self.air.clone())
-    }
-
-    fn generate_air_proof_input(self) -> AirProofInput<SC> {
-        let mut trace = crate::generate_trace::<Val<SC>>(
-            &self.air.sub_air,
-            self.bitwise_lookup_chip.clone(),
-            self.records.clone(),
-        );
-
-        // Set the final_hash in the digest row of the last block of each hash to zero.
-        // That is, every hash that this chip does will result in a final_hash of zero.
-        for (i, row) in self.records.iter().enumerate() {
-            if row.1 {
-                let last_digest_row_idx = (i + 1) * SHA256_ROWS_PER_BLOCK - 1;
-                let last_digest_row: &mut crate::Sha256DigestCols<Val<SC>> =
-                    trace.row_mut(last_digest_row_idx)[..SHA256_DIGEST_WIDTH].borrow_mut();
-                // Set the final_hash to all zeros
-                for i in 0..SHA256_HASH_WORDS {
-                    for j in 0..SHA256_WORD_U8S {
-                        last_digest_row.final_hash[i][j] = Val::<SC>::ZERO;
-                    }
-                }
-
-                let (last_round_row, last_digest_row) =
-                    trace.row_pair_mut(last_digest_row_idx - 1, last_digest_row_idx);
-                let last_round_row: &mut crate::Sha256RoundCols<Val<SC>> =
-                    last_round_row.borrow_mut();
-                let last_digest_row: &mut crate::Sha256RoundCols<Val<SC>> =
-                    last_digest_row.borrow_mut();
-                // fix the intermed_4 for the digest row
-                generate_intermed_4(last_round_row, last_digest_row);
-            }
-        }
-
-        let non_padded_height = self.records.len() * SHA256_ROWS_PER_BLOCK;
-        let width = <Sha256Air as BaseAir<Val<SC>>>::width(&self.air.sub_air);
-        // recalculate the missing cells (second pass of generate_trace)
-        trace.values[width..]
-            .par_chunks_mut(width * SHA256_ROWS_PER_BLOCK)
-            .take(non_padded_height / SHA256_ROWS_PER_BLOCK)
-            .for_each(|chunk| {
-                self.air.sub_air.generate_missing_cells(chunk, width, 0);
-            });
-
-        AirProofInput::simple_no_pis(trace)
-    }
-}
-
-// Copy of private method in Sha256Air used for testing
-/// Puts the correct intermed_4 in the `next_row`
-fn generate_intermed_4<F: PrimeField32>(
-    local_cols: &Sha256RoundCols<F>,
-    next_cols: &mut Sha256RoundCols<F>,
-) {
-    let w = [local_cols.message_schedule.w, next_cols.message_schedule.w].concat();
-    let w_limbs: Vec<[F; SHA256_WORD_U16S]> = w
-        .iter()
-        .map(|x| array::from_fn(|i| compose::<F>(&x[i * 16..(i + 1) * 16], 1)))
-        .collect();
-    for i in 0..SHA256_ROUNDS_PER_ROW {
-        let sig_w = small_sig0_field::<F>(&w[i + 1]);
-        let sig_w_limbs: [F; SHA256_WORD_U16S] =
-            array::from_fn(|j| compose::<F>(&sig_w[j * 16..(j + 1) * 16], 1));
-        for (j, sig_w_limb) in sig_w_limbs.iter().enumerate() {
-            next_cols.schedule_helper.intermed_4[i][j] = w_limbs[i][j] + *sig_w_limb;
-        }
-    }
-}
-
-impl ChipUsageGetter for Sha256TestBadFinalHashChip {
-    fn air_name(&self) -> String {
-        get_air_name(&self.air)
-    }
-    fn current_trace_height(&self) -> usize {
-        self.records.len() * SHA256_ROWS_PER_BLOCK
-    }
-
-    fn trace_width(&self) -> usize {
-        max(SHA256_ROUND_WIDTH, SHA256_DIGEST_WIDTH)
-    }
-}
-
-#[test]
-#[should_panic]
-fn test_sha256_final_hash_constraints() {
-    let mut rng = create_seeded_rng();
-    let tester = VmChipTestBuilder::default();
-    let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
-    let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
-    let len = rng.gen_range(1..100);
-    let random_records: Vec<_> = (0..len)
-        .map(|_| (array::from_fn(|_| rng.gen::<u8>()), true))
-        .collect();
-    let chip = Sha256TestBadFinalHashChip {
-        air: Sha256TestAir {
-            sub_air: Sha256Air::new(bitwise_bus, SELF_BUS_IDX),
-        },
-        bitwise_lookup_chip: bitwise_chip.clone(),
-        records: random_records,
-    };
-
-    let tester = tester.build().load(chip).load(bitwise_chip).finalize();
-    tester.simple_test().expect("Verification failed");
-}
diff --git a/crates/circuits/sha256-air/src/trace.rs b/crates/circuits/sha256-air/src/trace.rs
deleted file mode 100644
index 3862cc0443..0000000000
--- a/crates/circuits/sha256-air/src/trace.rs
+++ /dev/null
@@ -1,565 +0,0 @@
-use std::{array, borrow::BorrowMut, ops::Range};
-
-use openvm_circuit_primitives::{
-    bitwise_op_lookup::SharedBitwiseOperationLookupChip, utils::next_power_of_two_or_zero,
-};
-use openvm_stark_backend::{
-    p3_air::BaseAir, p3_field::PrimeField32, p3_matrix::dense::RowMajorMatrix,
-    p3_maybe_rayon::prelude::*,
-};
-use sha2::{compress256, digest::generic_array::GenericArray};
-
-use super::{
-    air::Sha256Air, big_sig0_field, big_sig1_field, ch_field, columns::Sha256RoundCols, compose,
-    get_flag_pt_array, maj_field, small_sig0_field, small_sig1_field, SHA256_BLOCK_WORDS,
-    SHA256_DIGEST_WIDTH, SHA256_HASH_WORDS, SHA256_ROUND_WIDTH,
-};
-use crate::{
-    big_sig0, big_sig1, ch, columns::Sha256DigestCols, limbs_into_u32, maj, small_sig0, small_sig1,
-    u32_into_limbs, SHA256_BLOCK_U8S, SHA256_BUFFER_SIZE, SHA256_H, SHA256_INVALID_CARRY_A,
-    SHA256_INVALID_CARRY_E, SHA256_K, SHA256_ROUNDS_PER_ROW, SHA256_ROWS_PER_BLOCK,
-    SHA256_WORD_BITS, SHA256_WORD_U16S, SHA256_WORD_U8S,
-};
-
-/// The trace generation of SHA256 should be done in two passes.
-/// The first pass should do `get_block_trace` for every block and generate the invalid rows through `get_default_row`
-/// The second pass should go through all the blocks and call `generate_missing_cells`
-impl Sha256Air {
-    /// This function takes the input_message (padding not handled), the previous hash,
-    /// and returns the new hash after processing the block input
-    pub fn get_block_hash(
-        prev_hash: &[u32; SHA256_HASH_WORDS],
-        input: [u8; SHA256_BLOCK_U8S],
-    ) -> [u32; SHA256_HASH_WORDS] {
-        let mut new_hash = *prev_hash;
-        let input_array = [GenericArray::from(input)];
-        compress256(&mut new_hash, &input_array);
-        new_hash
-    }
-
-    /// This function takes a 512-bit chunk of the input message (padding not handled), the previous hash,
-    /// a flag indicating if it's the last block, the global block index, the local block index,
-    /// and the buffer values that will be put in rows 0..4.
-    /// Will populate the given `trace` with the trace of the block, where the width of the trace is `trace_width`
-    /// and the starting column for the `Sha256Air` is `trace_start_col`.
-    /// **Note**: this function only generates some of the required trace. Another pass is required, refer to [`Self::generate_missing_cells`] for details.
-    #[allow(clippy::too_many_arguments)]
-    pub fn generate_block_trace<F: PrimeField32>(
-        &self,
-        trace: &mut [F],
-        trace_width: usize,
-        trace_start_col: usize,
-        input: &[u32; SHA256_BLOCK_WORDS],
-        bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-        prev_hash: &[u32; SHA256_HASH_WORDS],
-        is_last_block: bool,
-        global_block_idx: u32,
-        local_block_idx: u32,
-        buffer_vals: &[[F; SHA256_BUFFER_SIZE]; 4],
-    ) {
-        #[cfg(debug_assertions)]
-        {
-            assert!(trace.len() == trace_width * SHA256_ROWS_PER_BLOCK);
-            assert!(trace_start_col + super::SHA256_WIDTH <= trace_width);
-            assert!(self.bitwise_lookup_bus == bitwise_lookup_chip.bus());
-            if local_block_idx == 0 {
-                assert!(*prev_hash == SHA256_H);
-            }
-        }
-        let get_range = |start: usize, len: usize| -> Range<usize> { start..start + len };
-        let mut message_schedule = [0u32; 64];
-        message_schedule[..input.len()].copy_from_slice(input);
-        let mut work_vars = *prev_hash;
-        for (i, row) in trace.chunks_exact_mut(trace_width).enumerate() {
-            // doing the 64 rounds in 16 rows
-            if i < 16 {
-                let cols: &mut Sha256RoundCols<F> =
-                    row[get_range(trace_start_col, SHA256_ROUND_WIDTH)].borrow_mut();
-                cols.flags.is_round_row = F::ONE;
-                cols.flags.is_first_4_rows = if i < 4 { F::ONE } else { F::ZERO };
-                cols.flags.is_digest_row = F::ZERO;
-                cols.flags.is_last_block = F::from_bool(is_last_block);
-                cols.flags.row_idx =
-                    get_flag_pt_array(&self.row_idx_encoder, i).map(F::from_canonical_u32);
-                cols.flags.global_block_idx = F::from_canonical_u32(global_block_idx);
-                cols.flags.local_block_idx = F::from_canonical_u32(local_block_idx);
-
-                // W_idx = M_idx
-                if i < SHA256_ROWS_PER_BLOCK / SHA256_ROUNDS_PER_ROW {
-                    for j in 0..SHA256_ROUNDS_PER_ROW {
-                        cols.message_schedule.w[j] = u32_into_limbs::<SHA256_WORD_BITS>(
-                            input[i * SHA256_ROUNDS_PER_ROW + j],
-                        )
-                        .map(F::from_canonical_u32);
-                        cols.message_schedule.carry_or_buffer[j] =
-                            array::from_fn(|k| buffer_vals[i][j * SHA256_WORD_U16S * 2 + k]);
-                    }
-                }
-                // W_idx = SIG1(W_{idx-2}) + W_{idx-7} + SIG0(W_{idx-15}) + W_{idx-16}
-                else {
-                    for j in 0..SHA256_ROUNDS_PER_ROW {
-                        let idx = i * SHA256_ROUNDS_PER_ROW + j;
-                        let nums: [u32; 4] = [
-                            small_sig1(message_schedule[idx - 2]),
-                            message_schedule[idx - 7],
-                            small_sig0(message_schedule[idx - 15]),
-                            message_schedule[idx - 16],
-                        ];
-                        let w: u32 = nums.iter().fold(0, |acc, &num| acc.wrapping_add(num));
-                        cols.message_schedule.w[j] =
-                            u32_into_limbs::<SHA256_WORD_BITS>(w).map(F::from_canonical_u32);
-
-                        let nums_limbs = nums
-                            .iter()
-                            .map(|x| u32_into_limbs::<SHA256_WORD_U16S>(*x))
-                            .collect::<Vec<_>>();
-                        let w_limbs = u32_into_limbs::<SHA256_WORD_U16S>(w);
-
-                        // fill in the carrys
-                        for k in 0..SHA256_WORD_U16S {
-                            let mut sum = nums_limbs.iter().fold(0, |acc, num| acc + num[k]);
-                            if k > 0 {
-                                sum += (cols.message_schedule.carry_or_buffer[j][k * 2 - 2]
-                                    + F::TWO * cols.message_schedule.carry_or_buffer[j][k * 2 - 1])
-                                    .as_canonical_u32();
-                            }
-                            let carry = (sum - w_limbs[k]) >> 16;
-                            cols.message_schedule.carry_or_buffer[j][k * 2] =
-                                F::from_canonical_u32(carry & 1);
-                            cols.message_schedule.carry_or_buffer[j][k * 2 + 1] =
-                                F::from_canonical_u32(carry >> 1);
-                        }
-                        // update the message schedule
-                        message_schedule[idx] = w;
-                    }
-                }
-                // fill in the work variables
-                for j in 0..SHA256_ROUNDS_PER_ROW {
-                    // t1 = h + SIG1(e) + ch(e, f, g) + K_idx + W_idx
-                    let t1 = [
-                        work_vars[7],
-                        big_sig1(work_vars[4]),
-                        ch(work_vars[4], work_vars[5], work_vars[6]),
-                        SHA256_K[i * SHA256_ROUNDS_PER_ROW + j],
-                        limbs_into_u32(cols.message_schedule.w[j].map(|f| f.as_canonical_u32())),
-                    ];
-                    let t1_sum: u32 = t1.iter().fold(0, |acc, &num| acc.wrapping_add(num));
-
-                    // t2 = SIG0(a) + maj(a, b, c)
-                    let t2 = [
-                        big_sig0(work_vars[0]),
-                        maj(work_vars[0], work_vars[1], work_vars[2]),
-                    ];
-
-                    let t2_sum: u32 = t2.iter().fold(0, |acc, &num| acc.wrapping_add(num));
-
-                    // e = d + t1
-                    let e = work_vars[3].wrapping_add(t1_sum);
-                    cols.work_vars.e[j] =
-                        u32_into_limbs::<SHA256_WORD_BITS>(e).map(F::from_canonical_u32);
-                    let e_limbs = u32_into_limbs::<SHA256_WORD_U16S>(e);
-                    // a = t1 + t2
-                    let a = t1_sum.wrapping_add(t2_sum);
-                    cols.work_vars.a[j] =
-                        u32_into_limbs::<SHA256_WORD_BITS>(a).map(F::from_canonical_u32);
-                    let a_limbs = u32_into_limbs::<SHA256_WORD_U16S>(a);
-                    // fill in the carrys
-                    for k in 0..SHA256_WORD_U16S {
-                        let t1_limb = t1.iter().fold(0, |acc, &num| {
-                            acc + u32_into_limbs::<SHA256_WORD_U16S>(num)[k]
-                        });
-                        let t2_limb = t2.iter().fold(0, |acc, &num| {
-                            acc + u32_into_limbs::<SHA256_WORD_U16S>(num)[k]
-                        });
-
-                        let mut e_limb =
-                            t1_limb + u32_into_limbs::<SHA256_WORD_U16S>(work_vars[3])[k];
-                        let mut a_limb = t1_limb + t2_limb;
-                        if k > 0 {
-                            a_limb += cols.work_vars.carry_a[j][k - 1].as_canonical_u32();
-                            e_limb += cols.work_vars.carry_e[j][k - 1].as_canonical_u32();
-                        }
-                        let carry_a = (a_limb - a_limbs[k]) >> 16;
-                        let carry_e = (e_limb - e_limbs[k]) >> 16;
-                        cols.work_vars.carry_a[j][k] = F::from_canonical_u32(carry_a);
-                        cols.work_vars.carry_e[j][k] = F::from_canonical_u32(carry_e);
-                        bitwise_lookup_chip.request_range(carry_a, carry_e);
-                    }
-
-                    // update working variables
-                    work_vars[7] = work_vars[6];
-                    work_vars[6] = work_vars[5];
-                    work_vars[5] = work_vars[4];
-                    work_vars[4] = e;
-                    work_vars[3] = work_vars[2];
-                    work_vars[2] = work_vars[1];
-                    work_vars[1] = work_vars[0];
-                    work_vars[0] = a;
-                }
-
-                // filling w_3 and intermed_4 here and the rest later
-                if i > 0 {
-                    for j in 0..SHA256_ROUNDS_PER_ROW {
-                        let idx = i * SHA256_ROUNDS_PER_ROW + j;
-                        let w_4 = u32_into_limbs::<SHA256_WORD_U16S>(message_schedule[idx - 4]);
-                        let sig_0_w_3 = u32_into_limbs::<SHA256_WORD_U16S>(small_sig0(
-                            message_schedule[idx - 3],
-                        ));
-                        cols.schedule_helper.intermed_4[j] =
-                            array::from_fn(|k| F::from_canonical_u32(w_4[k] + sig_0_w_3[k]));
-                        if j < SHA256_ROUNDS_PER_ROW - 1 {
-                            let w_3 = message_schedule[idx - 3];
-                            cols.schedule_helper.w_3[j] =
-                                u32_into_limbs::<SHA256_WORD_U16S>(w_3).map(F::from_canonical_u32);
-                        }
-                    }
-                }
-            }
-            // generate the digest row
-            else {
-                let cols: &mut Sha256DigestCols<F> =
-                    row[get_range(trace_start_col, SHA256_DIGEST_WIDTH)].borrow_mut();
-                for j in 0..SHA256_ROUNDS_PER_ROW - 1 {
-                    let w_3 = message_schedule[i * SHA256_ROUNDS_PER_ROW + j - 3];
-                    cols.schedule_helper.w_3[j] =
-                        u32_into_limbs::<SHA256_WORD_U16S>(w_3).map(F::from_canonical_u32);
-                }
-                cols.flags.is_round_row = F::ZERO;
-                cols.flags.is_first_4_rows = F::ZERO;
-                cols.flags.is_digest_row = F::ONE;
-                cols.flags.is_last_block = F::from_bool(is_last_block);
-                cols.flags.row_idx =
-                    get_flag_pt_array(&self.row_idx_encoder, 16).map(F::from_canonical_u32);
-                cols.flags.global_block_idx = F::from_canonical_u32(global_block_idx);
-
-                cols.flags.local_block_idx = F::from_canonical_u32(local_block_idx);
-                let final_hash: [u32; SHA256_HASH_WORDS] =
-                    array::from_fn(|i| work_vars[i].wrapping_add(prev_hash[i]));
-                let final_hash_limbs: [[u32; SHA256_WORD_U8S]; SHA256_HASH_WORDS] =
-                    array::from_fn(|i| u32_into_limbs::<SHA256_WORD_U8S>(final_hash[i]));
-                // need to ensure final hash limbs are bytes, in order for
-                //   prev_hash[i] + work_vars[i] == final_hash[i]
-                // to be constrained correctly
-                for word in final_hash_limbs.iter() {
-                    for chunk in word.chunks(2) {
-                        bitwise_lookup_chip.request_range(chunk[0], chunk[1]);
-                    }
-                }
-                cols.final_hash = array::from_fn(|i| {
-                    array::from_fn(|j| F::from_canonical_u32(final_hash_limbs[i][j]))
-                });
-                cols.prev_hash = prev_hash
-                    .map(|f| u32_into_limbs::<SHA256_WORD_U16S>(f).map(F::from_canonical_u32));
-                let hash = if is_last_block {
-                    SHA256_H.map(u32_into_limbs::<SHA256_WORD_BITS>)
-                } else {
-                    cols.final_hash
-                        .map(|f| limbs_into_u32(f.map(|x| x.as_canonical_u32())))
-                        .map(u32_into_limbs::<SHA256_WORD_BITS>)
-                }
-                .map(|x| x.map(F::from_canonical_u32));
-
-                for i in 0..SHA256_ROUNDS_PER_ROW {
-                    cols.hash.a[i] = hash[SHA256_ROUNDS_PER_ROW - i - 1];
-                    cols.hash.e[i] = hash[SHA256_ROUNDS_PER_ROW - i + 3];
-                }
-            }
-        }
-
-        for i in 0..SHA256_ROWS_PER_BLOCK - 1 {
-            let rows = &mut trace[i * trace_width..(i + 2) * trace_width];
-            let (local, next) = rows.split_at_mut(trace_width);
-            let local_cols: &mut Sha256RoundCols<F> =
-                local[get_range(trace_start_col, SHA256_ROUND_WIDTH)].borrow_mut();
-            let next_cols: &mut Sha256RoundCols<F> =
-                next[get_range(trace_start_col, SHA256_ROUND_WIDTH)].borrow_mut();
-            if i > 0 {
-                for j in 0..SHA256_ROUNDS_PER_ROW {
-                    next_cols.schedule_helper.intermed_8[j] =
-                        local_cols.schedule_helper.intermed_4[j];
-                    if (2..SHA256_ROWS_PER_BLOCK - 3).contains(&i) {
-                        next_cols.schedule_helper.intermed_12[j] =
-                            local_cols.schedule_helper.intermed_8[j];
-                    }
-                }
-            }
-            if i == SHA256_ROWS_PER_BLOCK - 2 {
-                // `next` is a digest row.
-                // Fill in `carry_a` and `carry_e` with dummy values so the constraints on `a` and `e` hold.
-                Self::generate_carry_ae(local_cols, next_cols);
-                // Fill in row 16's `intermed_4` with dummy values so the message schedule constraints holds on that row
-                Self::generate_intermed_4(local_cols, next_cols);
-            }
-            if i <= 2 {
-                // i is in 0..3.
-                // Fill in `local.intermed_12` with dummy values so the message schedule constraints hold on rows 1..4.
-                Self::generate_intermed_12(local_cols, next_cols);
-            }
-        }
-    }
-
-    /// This function will fill in the cells that we couldn't do during the first pass.
-    /// This function should be called only after `generate_block_trace` was called for all blocks
-    /// And [`Self::generate_default_row`] is called for all invalid rows
-    /// Will populate the missing values of `trace`, where the width of the trace is `trace_width`
-    /// and the starting column for the `Sha256Air` is `trace_start_col`.
-    /// Note: `trace` needs to be the rows 1..17 of a block and the first row of the next block
-    pub fn generate_missing_cells<F: PrimeField32>(
-        &self,
-        trace: &mut [F],
-        trace_width: usize,
-        trace_start_col: usize,
-    ) {
-        // Here row_17 = next blocks row 0
-        let rows_15_17 = &mut trace[14 * trace_width..17 * trace_width];
-        let (row_15, row_16_17) = rows_15_17.split_at_mut(trace_width);
-        let (row_16, row_17) = row_16_17.split_at_mut(trace_width);
-        let cols_15: &mut Sha256RoundCols<F> =
-            row_15[trace_start_col..trace_start_col + SHA256_ROUND_WIDTH].borrow_mut();
-        let cols_16: &mut Sha256RoundCols<F> =
-            row_16[trace_start_col..trace_start_col + SHA256_ROUND_WIDTH].borrow_mut();
-        let cols_17: &mut Sha256RoundCols<F> =
-            row_17[trace_start_col..trace_start_col + SHA256_ROUND_WIDTH].borrow_mut();
-        // Fill in row 15's `intermed_12` with dummy values so the message schedule constraints holds on row 16
-        Self::generate_intermed_12(cols_15, cols_16);
-        // Fill in row 16's `intermed_12` with dummy values so the message schedule constraints holds on the next block's row 0
-        Self::generate_intermed_12(cols_16, cols_17);
-        // Fill in row 0's `intermed_4` with dummy values so the message schedule constraints holds on that row
-        Self::generate_intermed_4(cols_16, cols_17);
-    }
-
-    /// Fills the `cols` as a padding row
-    /// Note: we still need to correctly fill in the hash values, carries and intermeds
-    pub fn generate_default_row<F: PrimeField32>(self: &Sha256Air, cols: &mut Sha256RoundCols<F>) {
-        cols.flags.is_round_row = F::ZERO;
-        cols.flags.is_first_4_rows = F::ZERO;
-        cols.flags.is_digest_row = F::ZERO;
-
-        cols.flags.is_last_block = F::ZERO;
-        cols.flags.global_block_idx = F::ZERO;
-        cols.flags.row_idx =
-            get_flag_pt_array(&self.row_idx_encoder, 17).map(F::from_canonical_u32);
-        cols.flags.local_block_idx = F::ZERO;
-
-        cols.message_schedule.w = [[F::ZERO; SHA256_WORD_BITS]; SHA256_ROUNDS_PER_ROW];
-        cols.message_schedule.carry_or_buffer =
-            [[F::ZERO; SHA256_WORD_U16S * 2]; SHA256_ROUNDS_PER_ROW];
-
-        let hash = SHA256_H
-            .map(u32_into_limbs::<SHA256_WORD_BITS>)
-            .map(|x| x.map(F::from_canonical_u32));
-
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            cols.work_vars.a[i] = hash[SHA256_ROUNDS_PER_ROW - i - 1];
-            cols.work_vars.e[i] = hash[SHA256_ROUNDS_PER_ROW - i + 3];
-        }
-
-        cols.work_vars.carry_a = array::from_fn(|i| {
-            array::from_fn(|j| F::from_canonical_u32(SHA256_INVALID_CARRY_A[i][j]))
-        });
-        cols.work_vars.carry_e = array::from_fn(|i| {
-            array::from_fn(|j| F::from_canonical_u32(SHA256_INVALID_CARRY_E[i][j]))
-        });
-    }
-
-    /// The following functions do the calculations in native field since they will be called on padding rows
-    /// which can overflow and we need to make sure it matches the AIR constraints
-    /// Puts the correct carrys in the `next_row`, the resulting carrys can be out of bound
-    fn generate_carry_ae<F: PrimeField32>(
-        local_cols: &Sha256RoundCols<F>,
-        next_cols: &mut Sha256RoundCols<F>,
-    ) {
-        let a = [local_cols.work_vars.a, next_cols.work_vars.a].concat();
-        let e = [local_cols.work_vars.e, next_cols.work_vars.e].concat();
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            let cur_a = a[i + 4];
-            let sig_a = big_sig0_field::<F>(&a[i + 3]);
-            let maj_abc = maj_field::<F>(&a[i + 3], &a[i + 2], &a[i + 1]);
-            let d = a[i];
-            let cur_e = e[i + 4];
-            let sig_e = big_sig1_field::<F>(&e[i + 3]);
-            let ch_efg = ch_field::<F>(&e[i + 3], &e[i + 2], &e[i + 1]);
-            let h = e[i];
-
-            let t1 = [h, sig_e, ch_efg];
-            let t2 = [sig_a, maj_abc];
-            for j in 0..SHA256_WORD_U16S {
-                let t1_limb_sum = t1.iter().fold(F::ZERO, |acc, x| {
-                    acc + compose::<F>(&x[j * 16..(j + 1) * 16], 1)
-                });
-                let t2_limb_sum = t2.iter().fold(F::ZERO, |acc, x| {
-                    acc + compose::<F>(&x[j * 16..(j + 1) * 16], 1)
-                });
-                let d_limb = compose::<F>(&d[j * 16..(j + 1) * 16], 1);
-                let cur_a_limb = compose::<F>(&cur_a[j * 16..(j + 1) * 16], 1);
-                let cur_e_limb = compose::<F>(&cur_e[j * 16..(j + 1) * 16], 1);
-                let sum = d_limb
-                    + t1_limb_sum
-                    + if j == 0 {
-                        F::ZERO
-                    } else {
-                        next_cols.work_vars.carry_e[i][j - 1]
-                    }
-                    - cur_e_limb;
-                let carry_e = sum * (F::from_canonical_u32(1 << 16).inverse());
-
-                let sum = t1_limb_sum
-                    + t2_limb_sum
-                    + if j == 0 {
-                        F::ZERO
-                    } else {
-                        next_cols.work_vars.carry_a[i][j - 1]
-                    }
-                    - cur_a_limb;
-                let carry_a = sum * (F::from_canonical_u32(1 << 16).inverse());
-                next_cols.work_vars.carry_e[i][j] = carry_e;
-                next_cols.work_vars.carry_a[i][j] = carry_a;
-            }
-        }
-    }
-
-    /// Puts the correct intermed_4 in the `next_row`
-    fn generate_intermed_4<F: PrimeField32>(
-        local_cols: &Sha256RoundCols<F>,
-        next_cols: &mut Sha256RoundCols<F>,
-    ) {
-        let w = [local_cols.message_schedule.w, next_cols.message_schedule.w].concat();
-        let w_limbs: Vec<[F; SHA256_WORD_U16S]> = w
-            .iter()
-            .map(|x| array::from_fn(|i| compose::<F>(&x[i * 16..(i + 1) * 16], 1)))
-            .collect();
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            let sig_w = small_sig0_field::<F>(&w[i + 1]);
-            let sig_w_limbs: [F; SHA256_WORD_U16S] =
-                array::from_fn(|j| compose::<F>(&sig_w[j * 16..(j + 1) * 16], 1));
-            for (j, sig_w_limb) in sig_w_limbs.iter().enumerate() {
-                next_cols.schedule_helper.intermed_4[i][j] = w_limbs[i][j] + *sig_w_limb;
-            }
-        }
-    }
-
-    /// Puts the needed intermed_12 in the `local_row`
-    fn generate_intermed_12<F: PrimeField32>(
-        local_cols: &mut Sha256RoundCols<F>,
-        next_cols: &Sha256RoundCols<F>,
-    ) {
-        let w = [local_cols.message_schedule.w, next_cols.message_schedule.w].concat();
-        let w_limbs: Vec<[F; SHA256_WORD_U16S]> = w
-            .iter()
-            .map(|x| array::from_fn(|i| compose::<F>(&x[i * 16..(i + 1) * 16], 1)))
-            .collect();
-        for i in 0..SHA256_ROUNDS_PER_ROW {
-            // sig_1(w_{t-2})
-            let sig_w_2: [F; SHA256_WORD_U16S] = array::from_fn(|j| {
-                compose::<F>(&small_sig1_field::<F>(&w[i + 2])[j * 16..(j + 1) * 16], 1)
-            });
-            // w_{t-7}
-            let w_7 = if i < 3 {
-                local_cols.schedule_helper.w_3[i]
-            } else {
-                w_limbs[i - 3]
-            };
-            // w_t
-            let w_cur = w_limbs[i + 4];
-            for j in 0..SHA256_WORD_U16S {
-                let carry = next_cols.message_schedule.carry_or_buffer[i][j * 2]
-                    + F::TWO * next_cols.message_schedule.carry_or_buffer[i][j * 2 + 1];
-                let sum = sig_w_2[j] + w_7[j] - carry * F::from_canonical_u32(1 << 16) - w_cur[j]
-                    + if j > 0 {
-                        next_cols.message_schedule.carry_or_buffer[i][j * 2 - 2]
-                            + F::from_canonical_u32(2)
-                                * next_cols.message_schedule.carry_or_buffer[i][j * 2 - 1]
-                    } else {
-                        F::ZERO
-                    };
-                local_cols.schedule_helper.intermed_12[i][j] = -sum;
-            }
-        }
-    }
-}
-
-/// `records` consists of pairs of `(input_block, is_last_block)`.
-pub fn generate_trace<F: PrimeField32>(
-    sub_air: &Sha256Air,
-    bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-    records: Vec<([u8; SHA256_BLOCK_U8S], bool)>,
-) -> RowMajorMatrix<F> {
-    let non_padded_height = records.len() * SHA256_ROWS_PER_BLOCK;
-    let height = next_power_of_two_or_zero(non_padded_height);
-    let width = <Sha256Air as BaseAir<F>>::width(sub_air);
-    let mut values = F::zero_vec(height * width);
-
-    struct BlockContext {
-        prev_hash: [u32; 8],
-        local_block_idx: u32,
-        global_block_idx: u32,
-        input: [u8; SHA256_BLOCK_U8S],
-        is_last_block: bool,
-    }
-    let mut block_ctx: Vec<BlockContext> = Vec::with_capacity(records.len());
-    let mut prev_hash = SHA256_H;
-    let mut local_block_idx = 0;
-    let mut global_block_idx = 1;
-    for (input, is_last_block) in records {
-        block_ctx.push(BlockContext {
-            prev_hash,
-            local_block_idx,
-            global_block_idx,
-            input,
-            is_last_block,
-        });
-        global_block_idx += 1;
-        if is_last_block {
-            local_block_idx = 0;
-            prev_hash = SHA256_H;
-        } else {
-            local_block_idx += 1;
-            prev_hash = Sha256Air::get_block_hash(&prev_hash, input);
-        }
-    }
-    // first pass
-    values
-        .par_chunks_exact_mut(width * SHA256_ROWS_PER_BLOCK)
-        .zip(block_ctx)
-        .for_each(|(block, ctx)| {
-            let BlockContext {
-                prev_hash,
-                local_block_idx,
-                global_block_idx,
-                input,
-                is_last_block,
-            } = ctx;
-            let input_words = array::from_fn(|i| {
-                limbs_into_u32::<SHA256_WORD_U8S>(array::from_fn(|j| {
-                    input[(i + 1) * SHA256_WORD_U8S - j - 1] as u32
-                }))
-            });
-            sub_air.generate_block_trace(
-                block,
-                width,
-                0,
-                &input_words,
-                bitwise_lookup_chip.clone(),
-                &prev_hash,
-                is_last_block,
-                global_block_idx,
-                local_block_idx,
-                &[[F::ZERO; 16]; 4],
-            );
-        });
-    // second pass: padding rows
-    values[width * non_padded_height..]
-        .par_chunks_mut(width)
-        .for_each(|row| {
-            let cols: &mut Sha256RoundCols<F> = row.borrow_mut();
-            sub_air.generate_default_row(cols);
-        });
-    // second pass: non-padding rows
-    values[width..]
-        .par_chunks_mut(width * SHA256_ROWS_PER_BLOCK)
-        .take(non_padded_height / SHA256_ROWS_PER_BLOCK)
-        .for_each(|chunk| {
-            sub_air.generate_missing_cells(chunk, width, 0);
-        });
-    RowMajorMatrix::new(values, width)
-}
diff --git a/crates/circuits/sha256-air/src/utils.rs b/crates/circuits/sha256-air/src/utils.rs
deleted file mode 100644
index abf8b6e7f2..0000000000
--- a/crates/circuits/sha256-air/src/utils.rs
+++ /dev/null
@@ -1,268 +0,0 @@
-use std::array;
-
-pub use openvm_circuit_primitives::utils::compose;
-use openvm_circuit_primitives::{
-    encoder::Encoder,
-    utils::{not, select},
-};
-use openvm_stark_backend::{p3_air::AirBuilder, p3_field::FieldAlgebra};
-use rand::{rngs::StdRng, Rng};
-
-use super::{Sha256DigestCols, Sha256RoundCols};
-
-// ==== Do not change these constants! ====
-/// Number of bits in a SHA256 word
-pub const SHA256_WORD_BITS: usize = 32;
-/// Number of 16-bit limbs in a SHA256 word
-pub const SHA256_WORD_U16S: usize = SHA256_WORD_BITS / 16;
-/// Number of 8-bit limbs in a SHA256 word
-pub const SHA256_WORD_U8S: usize = SHA256_WORD_BITS / 8;
-/// Number of words in a SHA256 block
-pub const SHA256_BLOCK_WORDS: usize = 16;
-/// Number of cells in a SHA256 block
-pub const SHA256_BLOCK_U8S: usize = SHA256_BLOCK_WORDS * SHA256_WORD_U8S;
-/// Number of bits in a SHA256 block
-pub const SHA256_BLOCK_BITS: usize = SHA256_BLOCK_WORDS * SHA256_WORD_BITS;
-/// Number of rows per block
-pub const SHA256_ROWS_PER_BLOCK: usize = 17;
-/// Number of rounds per row
-pub const SHA256_ROUNDS_PER_ROW: usize = 4;
-/// Number of words in a SHA256 hash
-pub const SHA256_HASH_WORDS: usize = 8;
-/// Number of vars needed to encode the row index with [Encoder]
-pub const SHA256_ROW_VAR_CNT: usize = 5;
-/// Width of the Sha256RoundCols
-pub const SHA256_ROUND_WIDTH: usize = Sha256RoundCols::<u8>::width();
-/// Width of the Sha256DigestCols
-pub const SHA256_DIGEST_WIDTH: usize = Sha256DigestCols::<u8>::width();
-/// Size of the buffer of the first 4 rows of a block (each row's size)
-pub const SHA256_BUFFER_SIZE: usize = SHA256_ROUNDS_PER_ROW * SHA256_WORD_U16S * 2;
-/// Width of the Sha256Cols
-pub const SHA256_WIDTH: usize = if SHA256_ROUND_WIDTH > SHA256_DIGEST_WIDTH {
-    SHA256_ROUND_WIDTH
-} else {
-    SHA256_DIGEST_WIDTH
-};
-/// We can notice that `carry_a`'s and `carry_e`'s are always the same on invalid rows
-/// To optimize the trace generation of invalid rows, we have those values precomputed here
-pub(crate) const SHA256_INVALID_CARRY_A: [[u32; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW] = [
-    [1230919683, 1162494304],
-    [266373122, 1282901987],
-    [1519718403, 1008990871],
-    [923381762, 330807052],
-];
-pub(crate) const SHA256_INVALID_CARRY_E: [[u32; SHA256_WORD_U16S]; SHA256_ROUNDS_PER_ROW] = [
-    [204933122, 1994683449],
-    [443873282, 1544639095],
-    [719953922, 1888246508],
-    [194580482, 1075725211],
-];
-/// SHA256 constant K's
-pub const SHA256_K: [u32; 64] = [
-    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
-];
-
-/// SHA256 initial hash values
-pub const SHA256_H: [u32; 8] = [
-    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,
-];
-
-/// Convert a u32 into a list of limbs in little endian
-pub fn u32_into_limbs<const NUM_LIMBS: usize>(num: u32) -> [u32; NUM_LIMBS] {
-    let limb_bits = 32 / NUM_LIMBS;
-    array::from_fn(|i| (num >> (limb_bits * i)) & ((1 << limb_bits) - 1))
-}
-
-/// Convert a list of limbs in little endian into a u32
-pub fn limbs_into_u32<const NUM_LIMBS: usize>(limbs: [u32; NUM_LIMBS]) -> u32 {
-    let limb_bits = 32 / NUM_LIMBS;
-    limbs
-        .iter()
-        .rev()
-        .fold(0, |acc, &limb| (acc << limb_bits) | limb)
-}
-
-/// Rotates `bits` right by `n` bits, assumes `bits` is in little-endian
-#[inline]
-pub(crate) fn rotr<F: FieldAlgebra + Clone>(
-    bits: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    n: usize,
-) -> [F; SHA256_WORD_BITS] {
-    array::from_fn(|i| bits[(i + n) % SHA256_WORD_BITS].clone().into())
-}
-
-/// Shifts `bits` right by `n` bits, assumes `bits` is in little-endian
-#[inline]
-pub(crate) fn shr<F: FieldAlgebra + Clone>(
-    bits: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    n: usize,
-) -> [F; SHA256_WORD_BITS] {
-    array::from_fn(|i| {
-        if i + n < SHA256_WORD_BITS {
-            bits[i + n].clone().into()
-        } else {
-            F::ZERO
-        }
-    })
-}
-
-/// Computes x ^ y ^ z, where x, y, z are assumed to be boolean
-#[inline]
-pub(crate) fn xor_bit<F: FieldAlgebra + Clone>(
-    x: impl Into<F>,
-    y: impl Into<F>,
-    z: impl Into<F>,
-) -> F {
-    let (x, y, z) = (x.into(), y.into(), z.into());
-    (x.clone() * y.clone() * z.clone())
-        + (x.clone() * not::<F>(y.clone()) * not::<F>(z.clone()))
-        + (not::<F>(x.clone()) * y.clone() * not::<F>(z.clone()))
-        + (not::<F>(x) * not::<F>(y) * z)
-}
-
-/// Computes x ^ y ^ z, where x, y, z are [SHA256_WORD_BITS] bit numbers
-#[inline]
-pub(crate) fn xor<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    y: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    z: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    array::from_fn(|i| xor_bit(x[i].clone(), y[i].clone(), z[i].clone()))
-}
-
-/// Choose function from SHA256
-#[inline]
-pub fn ch(x: u32, y: u32, z: u32) -> u32 {
-    (x & y) ^ ((!x) & z)
-}
-
-/// Computes Ch(x,y,z), where x, y, z are [SHA256_WORD_BITS] bit numbers
-#[inline]
-pub(crate) fn ch_field<F: FieldAlgebra>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    y: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    z: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    array::from_fn(|i| select(x[i].clone(), y[i].clone(), z[i].clone()))
-}
-
-/// Majority function from SHA256
-pub fn maj(x: u32, y: u32, z: u32) -> u32 {
-    (x & y) ^ (x & z) ^ (y & z)
-}
-
-/// Computes Maj(x,y,z), where x, y, z are [SHA256_WORD_BITS] bit numbers
-#[inline]
-pub(crate) fn maj_field<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    y: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-    z: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    array::from_fn(|i| {
-        let (x, y, z) = (
-            x[i].clone().into(),
-            y[i].clone().into(),
-            z[i].clone().into(),
-        );
-        x.clone() * y.clone() + x.clone() * z.clone() + y.clone() * z.clone() - F::TWO * x * y * z
-    })
-}
-
-/// Big sigma_0 function from SHA256
-pub fn big_sig0(x: u32) -> u32 {
-    x.rotate_right(2) ^ x.rotate_right(13) ^ x.rotate_right(22)
-}
-
-/// Computes BigSigma0(x), where x is a [SHA256_WORD_BITS] bit number in little-endian
-#[inline]
-pub(crate) fn big_sig0_field<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    xor(&rotr::<F>(x, 2), &rotr::<F>(x, 13), &rotr::<F>(x, 22))
-}
-
-/// Big sigma_1 function from SHA256
-pub fn big_sig1(x: u32) -> u32 {
-    x.rotate_right(6) ^ x.rotate_right(11) ^ x.rotate_right(25)
-}
-
-/// Computes BigSigma1(x), where x is a [SHA256_WORD_BITS] bit number in little-endian
-#[inline]
-pub(crate) fn big_sig1_field<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    xor(&rotr::<F>(x, 6), &rotr::<F>(x, 11), &rotr::<F>(x, 25))
-}
-
-/// Small sigma_0 function from SHA256
-pub fn small_sig0(x: u32) -> u32 {
-    x.rotate_right(7) ^ x.rotate_right(18) ^ (x >> 3)
-}
-
-/// Computes SmallSigma0(x), where x is a [SHA256_WORD_BITS] bit number in little-endian
-#[inline]
-pub(crate) fn small_sig0_field<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    xor(&rotr::<F>(x, 7), &rotr::<F>(x, 18), &shr::<F>(x, 3))
-}
-
-/// Small sigma_1 function from SHA256
-pub fn small_sig1(x: u32) -> u32 {
-    x.rotate_right(17) ^ x.rotate_right(19) ^ (x >> 10)
-}
-
-/// Computes SmallSigma1(x), where x is a [SHA256_WORD_BITS] bit number in little-endian
-#[inline]
-pub(crate) fn small_sig1_field<F: FieldAlgebra + Clone>(
-    x: &[impl Into<F> + Clone; SHA256_WORD_BITS],
-) -> [F; SHA256_WORD_BITS] {
-    xor(&rotr::<F>(x, 17), &rotr::<F>(x, 19), &shr::<F>(x, 10))
-}
-
-/// Generate a random message of a given length
-pub fn get_random_message(rng: &mut StdRng, len: usize) -> Vec<u8> {
-    let mut random_message: Vec<u8> = vec![0u8; len];
-    rng.fill(&mut random_message[..]);
-    random_message
-}
-
-/// Wrapper of `get_flag_pt` to get the flag pointer as an array
-pub fn get_flag_pt_array<const N: usize>(encoder: &Encoder, flag_idx: usize) -> [u32; N] {
-    encoder.get_flag_pt(flag_idx).try_into().unwrap()
-}
-
-/// Constrain the addition of [SHA256_WORD_BITS] bit words in 16-bit limbs
-/// It takes in the terms some in bits some in 16-bit limbs,
-/// the expected sum in bits and the carries
-pub fn constraint_word_addition<AB: AirBuilder>(
-    builder: &mut AB,
-    terms_bits: &[&[impl Into<AB::Expr> + Clone; SHA256_WORD_BITS]],
-    terms_limb: &[&[impl Into<AB::Expr> + Clone; SHA256_WORD_U16S]],
-    expected_sum: &[impl Into<AB::Expr> + Clone; SHA256_WORD_BITS],
-    carries: &[impl Into<AB::Expr> + Clone; SHA256_WORD_U16S],
-) {
-    for i in 0..SHA256_WORD_U16S {
-        let mut limb_sum = if i == 0 {
-            AB::Expr::ZERO
-        } else {
-            carries[i - 1].clone().into()
-        };
-        for term in terms_bits {
-            limb_sum += compose::<AB::Expr>(&term[i * 16..(i + 1) * 16], 1);
-        }
-        for term in terms_limb {
-            limb_sum += term[i].clone().into();
-        }
-        let expected_sum_limb = compose::<AB::Expr>(&expected_sum[i * 16..(i + 1) * 16], 1)
-            + carries[i].clone().into() * AB::Expr::from_canonical_u32(1 << 16);
-        builder.assert_eq(limb_sum, expected_sum_limb);
-    }
-}
diff --git a/crates/sdk/Cargo.toml b/crates/sdk/Cargo.toml
index f3ca81462d..b64fa04318 100644
--- a/crates/sdk/Cargo.toml
+++ b/crates/sdk/Cargo.toml
@@ -18,8 +18,8 @@ openvm-ecc-circuit = { workspace = true }
 openvm-ecc-transpiler = { workspace = true }
 openvm-keccak256-circuit = { workspace = true }
 openvm-keccak256-transpiler = { workspace = true }
-openvm-sha256-circuit = { workspace = true }
-openvm-sha256-transpiler = { workspace = true }
+openvm-sha2-circuit = { workspace = true }
+openvm-sha2-transpiler = { workspace = true }
 openvm-pairing-circuit = { workspace = true }
 openvm-pairing-transpiler = { workspace = true }
 openvm-native-circuit = { workspace = true }
diff --git a/crates/sdk/src/config/global.rs b/crates/sdk/src/config/global.rs
index 532c9b8d1c..754838b441 100644
--- a/crates/sdk/src/config/global.rs
+++ b/crates/sdk/src/config/global.rs
@@ -35,8 +35,8 @@ use openvm_rv32im_circuit::{
 use openvm_rv32im_transpiler::{
     Rv32ITranspilerExtension, Rv32IoTranspilerExtension, Rv32MTranspilerExtension,
 };
-use openvm_sha256_circuit::{Sha256, Sha256Executor, Sha256Periphery};
-use openvm_sha256_transpiler::Sha256TranspilerExtension;
+use openvm_sha2_circuit::{Sha2, Sha2Executor, Sha2Periphery};
+use openvm_sha2_transpiler::Sha2TranspilerExtension;
 use openvm_stark_backend::p3_field::PrimeField32;
 use openvm_transpiler::transpiler::Transpiler;
 use serde::{Deserialize, Serialize};
@@ -51,7 +51,7 @@ pub struct SdkVmConfig {
     pub rv32i: Option<UnitStruct>,
     pub io: Option<UnitStruct>,
     pub keccak: Option<UnitStruct>,
-    pub sha256: Option<UnitStruct>,
+    pub sha2: Option<UnitStruct>,
     pub native: Option<UnitStruct>,
     pub castf: Option<UnitStruct>,
 
@@ -74,7 +74,7 @@ pub enum SdkVmConfigExecutor<F: PrimeField32> {
     #[any_enum]
     Keccak(Keccak256Executor<F>),
     #[any_enum]
-    Sha256(Sha256Executor<F>),
+    Sha2(Sha2Executor<F>),
     #[any_enum]
     Native(NativeExecutor<F>),
     #[any_enum]
@@ -104,7 +104,7 @@ pub enum SdkVmConfigPeriphery<F: PrimeField32> {
     #[any_enum]
     Keccak(Keccak256Periphery<F>),
     #[any_enum]
-    Sha256(Sha256Periphery<F>),
+    Sha2(Sha2Periphery<F>),
     #[any_enum]
     Native(NativePeriphery<F>),
     #[any_enum]
@@ -135,8 +135,8 @@ impl SdkVmConfig {
         if self.keccak.is_some() {
             transpiler = transpiler.with_extension(Keccak256TranspilerExtension);
         }
-        if self.sha256.is_some() {
-            transpiler = transpiler.with_extension(Sha256TranspilerExtension);
+        if self.sha2.is_some() {
+            transpiler = transpiler.with_extension(Sha2TranspilerExtension);
         }
         if self.rv32m.is_some() {
             transpiler = transpiler.with_extension(Rv32MTranspilerExtension);
@@ -186,8 +186,8 @@ impl<F: PrimeField32> VmConfig<F> for SdkVmConfig {
         if self.keccak.is_some() {
             complex = complex.extend(&Keccak256)?;
         }
-        if self.sha256.is_some() {
-            complex = complex.extend(&Sha256)?;
+        if self.sha2.is_some() {
+            complex = complex.extend(&Sha2)?;
         }
         if self.native.is_some() {
             complex = complex.extend(&Native)?;
@@ -275,8 +275,8 @@ impl From<Keccak256> for UnitStruct {
     }
 }
 
-impl From<Sha256> for UnitStruct {
-    fn from(_: Sha256) -> Self {
+impl From<Sha2> for UnitStruct {
+    fn from(_: Sha2) -> Self {
         UnitStruct {}
     }
 }
diff --git a/crates/vm/src/system/memory/offline_checker/columns.rs b/crates/vm/src/system/memory/offline_checker/columns.rs
index 5ba1b8da6c..4b4372dbed 100644
--- a/crates/vm/src/system/memory/offline_checker/columns.rs
+++ b/crates/vm/src/system/memory/offline_checker/columns.rs
@@ -19,6 +19,10 @@ pub struct MemoryBaseAuxCols<T> {
     pub(in crate::system::memory) timestamp_lt_aux: LessThanAuxCols<T, AUX_LEN>,
 }
 
+pub trait MemoryWriteAuxColsConfig {
+    const N: usize;
+}
+
 #[repr(C)]
 #[derive(Clone, Copy, Debug, AlignedBorrow)]
 pub struct MemoryWriteAuxCols<T, const N: usize> {
diff --git a/docs/specs/ISA.md b/docs/specs/ISA.md
index 1bc3d0c4a0..a430cd1667 100644
--- a/docs/specs/ISA.md
+++ b/docs/specs/ISA.md
@@ -6,7 +6,7 @@ This specification describes the overall architecture and default VM extensions
 - [RV32IM](#rv32im-extension): An extension supporting the 32-bit RISC-V ISA with multiplication.
 - [Native](#native-extension): An extension supporting native field arithmetic for proof recursion and aggregation.
 - [Keccak-256](#keccak-extension): An extension implementing the Keccak-256 hash function compatibly with RISC-V memory.
-- [SHA2-256](#sha2-256-extension): An extension implementing the SHA2-256 hash function compatibly with RISC-V memory.
+- [SHA2](#sha2-extension): An extension implementing the SHA-256, SHA-512, and SHA-384 hash functions compatibly with RISC-V memory.
 - [BigInt](#bigint-extension): An extension supporting 256-bit signed and unsigned integer arithmetic, including
   multiplication. This extension respects the RISC-V memory format.
 - [Algebra](#algebra-extension): An extension supporting modular arithmetic over arbitrary fields and their complex
@@ -538,14 +538,16 @@ all memory cells are constrained to be bytes.
 | -------------- | ----------- | ----------------------------------------------------------------------------------------------------------------- |
 | KECCAK256_RV32 | `a,b,c,1,2` | `[r32{0}(a):32]_2 = keccak256([r32{0}(b)..r32{0}(b)+r32{0}(c)]_2)`. Performs memory accesses with block size `4`. |
 
-### SHA2-256 Extension
+### SHA-2 Extension
 
-The SHA2-256 extension supports the SHA2-256 hash function. The extension operates on address spaces `1` and `2`,
+The SHA-2 extension supports the SHA-256 and SHA-512 hash functions. The extension operates on address spaces `1` and `2`,
 meaning all memory cells are constrained to be bytes.
 
 | Name        | Operands    | Description                                                                                                                                                              |
 | ----------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | SHA256_RV32 | `a,b,c,1,2` | `[r32{0}(a):32]_2 = sha256([r32{0}(b)..r32{0}(b)+r32{0}(c)]_2)`. Does the necessary padding. Performs memory reads with block size `16` and writes with block size `32`. |
+| SHA512_RV32 | `a,b,c,1,2` | `[r32{0}(a):64]_2 = sha512([r32{0}(b)..r32{0}(b)+r32{0}(c)]_2)`. Does the necessary padding. Performs memory reads with block size `16` and writes with block size `32`. |
+| SHA384_RV32 | `a,b,c,1,2` | `[r32{0}(a):64]_2 = sha384([r32{0}(b)..r32{0}(b)+r32{0}(c)]_2)`. Does the necessary padding. Performs memory reads with block size `16` and writes with block size `32`. Writes 64 bytes to memory: the first 48 are the SHA-384 digest and the last 16 are zeros. |
 
 ### BigInt Extension
 
diff --git a/docs/specs/RISCV.md b/docs/specs/RISCV.md
index 7948272c66..d9f1e5cb38 100644
--- a/docs/specs/RISCV.md
+++ b/docs/specs/RISCV.md
@@ -5,7 +5,7 @@ The default VM extensions that support transpilation are:
 
 - [RV32IM](#rv32im-extension): An extension supporting the 32-bit RISC-V ISA with multiplication.
 - [Keccak-256](#keccak-extension): An extension implementing the Keccak-256 hash function compatibly with RISC-V memory.
-- [SHA2-256](#sha2-256-extension): An extension implementing the SHA2-256 hash function compatibly with RISC-V memory.
+- [SHA2](#sha2-extension): An extension implementing the SHA-256, SHA-512, and SHA-384 hash functions compatibly with RISC-V memory.
 - [BigInt](#bigint-extension): An extension supporting 256-bit signed and unsigned integer arithmetic, including multiplication. This extension respects the RISC-V memory format.
 - [Algebra](#algebra-extension): An extension supporting modular arithmetic over arbitrary fields and their complex field extensions. This extension respects the RISC-V memory format.
 - [Elliptic curve](#elliptic-curve-extension): An extension for elliptic curve operations over Weierstrass curves, including addition and doubling. This can be used to implement multi-scalar multiplication and ECDSA scalar multiplication. This extension respects the RISC-V memory format.
@@ -78,11 +78,13 @@ the guest must take care to validate all data and account for behavior in cases
 | ----------- | --- | ----------- | ------ | ------ | ------------------------------------------- |
 | keccak256   | R   | 0001011     | 100    | 0x0    | `[rd:32]_2 = keccak256([rs1..rs1 + rs2]_2)` |
 
-## SHA2-256 Extension
+## SHA-2 Extension
 
 | RISC-V Inst | FMT | opcode[6:0] | funct3 | funct7 | RISC-V description and notes             |
 | ----------- | --- | ----------- | ------ | ------ | ---------------------------------------- |
 | sha256      | R   | 0001011     | 100    | 0x1    | `[rd:32]_2 = sha256([rs1..rs1 + rs2]_2)` |
+| sha512      | R   | 0001011     | 100    | 0x2    | `[rd:64]_2 = sha512([rs1..rs1 + rs2]_2)` |
+| sha384      | R   | 0001011     | 100    | 0x3    | `[rd:64]_2 = sha384([rs1..rs1 + rs2]_2)`. Last 16 bytes will be set to zeros. |
 
 ## BigInt Extension
 
diff --git a/docs/specs/circuit.md b/docs/specs/circuit.md
index 4238c7c27b..bd34344674 100644
--- a/docs/specs/circuit.md
+++ b/docs/specs/circuit.md
@@ -104,7 +104,7 @@ The chips that fall into these categories are:
 | FriReducedOpeningChip | –               | –                 | Case 1. |
 | NativePoseidon2Chip   | –               | –                 | Case 1. |
 | Rv32HintStoreChip     | –               | –                 | Case 1. |
-| Sha256VmChip          | –               | –                 | Case 1. |
+| Sha2VmChip            | –               | –                 | Case 1. |
 
 The PhantomChip satisfies the condition because `1 < 3`.
 
diff --git a/docs/specs/isa-table.md b/docs/specs/isa-table.md
index 75cf1bad2c..8595dab9cd 100644
--- a/docs/specs/isa-table.md
+++ b/docs/specs/isa-table.md
@@ -128,13 +128,15 @@ In the tables below, we provide the mapping between the `LocalOpcode` and `Phant
 | ------------- | ---------- | ------------- |
 | Keccak | `Rv32KeccakOpcode::KECCAK256` | KECCAK256_RV32 |
 
-## SHA2-256 Extension
+## SHA-2 Extension
 
 #### Instructions
 
 | VM Extension | `LocalOpcode` | ISA Instruction |
 | ------------- | ---------- | ------------- |
-| SHA2-256 | `Rv32Sha256Opcode::SHA256` | SHA256_RV32 |
+| SHA-2 | `Rv32Sha2Opcode::SHA256` | SHA256_RV32 |
+| SHA-2 | `Rv32Sha2Opcode::SHA512` | SHA512_RV32 |
+| SHA-2 | `Rv32Sha2Opcode::SHA384` | SHA384_RV32 |
 
 ## BigInt Extension
 
diff --git a/docs/specs/transpiler.md b/docs/specs/transpiler.md
index a8b94ef2b0..eacd2442cf 100644
--- a/docs/specs/transpiler.md
+++ b/docs/specs/transpiler.md
@@ -151,11 +151,13 @@ Each VM extension's behavior is specified below.
 | ----------- | -------------------------------------------------- |
 | keccak256   | KECCAK256_RV32 `ind(rd), ind(rs1), ind(rs2), 1, 2` |
 
-### SHA2-256 Extension
+### SHA-2 Extension
 
 | RISC-V Inst | OpenVM Instruction                              |
 | ----------- | ----------------------------------------------- |
 | sha256      | SHA256_RV32 `ind(rd), ind(rs1), ind(rs2), 1, 2` |
+| sha512      | SHA512_RV32 `ind(rd), ind(rs1), ind(rs2), 1, 2` |
+| sha384      | SHA384_RV32 `ind(rd), ind(rs1), ind(rs2), 1, 2` |
 
 ### BigInt Extension
 
diff --git a/examples/sha2/Cargo.toml b/examples/sha2/Cargo.toml
new file mode 100644
index 0000000000..df7e72bac5
--- /dev/null
+++ b/examples/sha2/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "sha2-example"
+version = "0.0.0"
+edition = "2021"
+
+[workspace]
+members = []
+
+[dependencies]
+# TODO: update rev after PR is merged
+openvm = { git = "https://github.com/openvm-org/openvm.git", features = [
+    "std",
+], rev = "5180cea6342f43ac6523e0057e73e0dc9ecece3a"}
+# TODO: update rev after PR is merged
+openvm-sha2-guest = { git = "https://github.com/openvm-org/openvm.git", rev = "5180cea6342f43ac6523e0057e73e0dc9ecece3a" }
+hex = { version = "0.4.3" }
+
+[features]
+default = []
diff --git a/examples/sha256/openvm.toml b/examples/sha2/openvm.toml
similarity index 100%
rename from examples/sha256/openvm.toml
rename to examples/sha2/openvm.toml
diff --git a/examples/sha2/src/main.rs b/examples/sha2/src/main.rs
new file mode 100644
index 0000000000..44bcd119b4
--- /dev/null
+++ b/examples/sha2/src/main.rs
@@ -0,0 +1,39 @@
+// ANCHOR: imports
+use core::hint::black_box;
+
+use hex::FromHex;
+use openvm_sha2_guest::{sha256, sha384, sha512};
+// ANCHOR_END: imports
+
+// ANCHOR: main
+openvm::entry!(main);
+
+pub fn main() {
+    let test_vectors = [(
+        "",
+        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+        "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+        "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
+    )];
+    for (input, expected_output_sha256, expected_output_sha512, expected_output_sha384) in
+        test_vectors.iter()
+    {
+        let input = Vec::from_hex(input).unwrap();
+        let expected_output_sha256 = Vec::from_hex(expected_output_sha256).unwrap();
+        let expected_output_sha512 = Vec::from_hex(expected_output_sha512).unwrap();
+        let expected_output_sha384 = Vec::from_hex(expected_output_sha384).unwrap();
+        let output = sha256(black_box(&input));
+        if output != *expected_output_sha256 {
+            panic!();
+        }
+        let output = sha512(black_box(&input));
+        if output != *expected_output_sha512 {
+            panic!();
+        }
+        let output = sha384(black_box(&input));
+        if output != *expected_output_sha384 {
+            panic!();
+        }
+    }
+}
+// ANCHOR_END: main
diff --git a/examples/sha256/Cargo.toml b/examples/sha256/Cargo.toml
deleted file mode 100644
index 48d6887c5c..0000000000
--- a/examples/sha256/Cargo.toml
+++ /dev/null
@@ -1,17 +0,0 @@
-[package]
-name = "sha256-example"
-version = "0.0.0"
-edition = "2021"
-
-[workspace]
-members = []
-
-[dependencies]
-openvm = { git = "https://github.com/openvm-org/openvm.git", features = [
-    "std",
-], branch = "develop" }
-openvm-sha256-guest = { git = "https://github.com/openvm-org/openvm.git", branch = "develop" }
-hex = { version = "0.4.3" }
-
-[features]
-default = []
diff --git a/examples/sha256/src/main.rs b/examples/sha256/src/main.rs
deleted file mode 100644
index 502a12366b..0000000000
--- a/examples/sha256/src/main.rs
+++ /dev/null
@@ -1,25 +0,0 @@
-// ANCHOR: imports
-use core::hint::black_box;
-
-use hex::FromHex;
-use openvm_sha256_guest::sha256;
-// ANCHOR_END: imports
-
-// ANCHOR: main
-openvm::entry!(main);
-
-pub fn main() {
-    let test_vectors = [(
-        "",
-        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-    )];
-    for (input, expected_output) in test_vectors.iter() {
-        let input = Vec::from_hex(input).unwrap();
-        let expected_output = Vec::from_hex(expected_output).unwrap();
-        let output = sha256(&black_box(input));
-        if output != *expected_output {
-            panic!();
-        }
-    }
-}
-// ANCHOR_END: main
diff --git a/extensions/sha256/circuit/Cargo.toml b/extensions/sha2/circuit/Cargo.toml
similarity index 80%
rename from extensions/sha256/circuit/Cargo.toml
rename to extensions/sha2/circuit/Cargo.toml
index 0c7100e99b..6e55ac56bd 100644
--- a/extensions/sha256/circuit/Cargo.toml
+++ b/extensions/sha2/circuit/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
-name = "openvm-sha256-circuit"
+name = "openvm-sha2-circuit"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true
-description = "OpenVM circuit extension for sha256"
+description = "OpenVM circuit extension for SHA-2"
 
 [dependencies]
 openvm-stark-backend = { workspace = true }
@@ -13,16 +13,16 @@ openvm-circuit-primitives-derive = { workspace = true }
 openvm-circuit-derive = { workspace = true }
 openvm-circuit = { workspace = true }
 openvm-instructions = { workspace = true }
-openvm-sha256-transpiler = { workspace = true }
+openvm-sha2-transpiler = { workspace = true }
 openvm-rv32im-circuit = { workspace = true }
-openvm-sha256-air = { workspace = true }
+openvm-sha2-air = { workspace = true }
 
 derive-new.workspace = true
 derive_more = { workspace = true, features = ["from"] }
 rand.workspace = true
 serde.workspace = true
 sha2 = { version = "0.10", default-features = false }
-strum = { workspace = true }
+ndarray = { workspace = true, default-features = false }
 
 [dev-dependencies]
 openvm-stark-sdk = { workspace = true }
@@ -37,3 +37,6 @@ mimalloc = ["openvm-circuit/mimalloc"]
 jemalloc = ["openvm-circuit/jemalloc"]
 jemalloc-prof = ["openvm-circuit/jemalloc-prof"]
 nightly-features = ["openvm-circuit/nightly-features"]
+
+[package.metadata.cargo-shear]
+ignored = ["ndarray"]
\ No newline at end of file
diff --git a/extensions/sha256/circuit/README.md b/extensions/sha2/circuit/README.md
similarity index 56%
rename from extensions/sha256/circuit/README.md
rename to extensions/sha2/circuit/README.md
index 1e794cd35c..de2100b261 100644
--- a/extensions/sha256/circuit/README.md
+++ b/extensions/sha2/circuit/README.md
@@ -1,28 +1,43 @@
-# SHA256 VM Extension
+# SHA-2 VM Extension
 
-This crate contains the circuit for the SHA256 VM extension.
+This crate contains circuits for the SHA-2 family of hash functions.
+We support SHA-256, SHA-512, and SHA-384.
 
-## SHA-256 Algorithm Summary
+## SHA-2 Algorithms Summary
 
-See the [FIPS standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), in particular, section 6.2 for reference.
+The SHA-256, SHA-512, and SHA-384 algorithms are similar in structure.
+We will first describe the SHA-256 algorithm, and then describe the differences between the three algorithms.
+
+See the [FIPS standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) for reference. In particular, sections 6.2, 6.4, and 6.5.
 
 In short the SHA-256 algorithm works as follows.
 1. Pad the message to 512 bits and split it into 512-bit 'blocks'.
-2. Initialize a hash state consisting of eight 32-bit words.
+2. Initialize a hash state consisting of eight 32-bit words to a specific constant value.
 3. For each block, 
-    1. split the message into 16 32-bit words and produce 48 more 'message schedule' words based on them.
-    2. apply 64 'rounds' to update the hash state based on the message schedule.
-    3. add the previous block's final hash state to the current hash state (modulo `2^32`).
+    1. split the message into 16 32-bit words and produce 48 more words based on them. The 16 message words together with the 48 additional words are called the 'message schedule'.
+    2. apply a scrambling function 64 times to the hash state to update it based on the message schedule. We call each update a 'round'.
+    3. add the previous block's final hash state to the current hash state (modulo $2^{32}$).
 4. The output is the final hash state
 
+The differences with the SHA-512 algorithm are that:
+- SHA-512 uses 64-bit words, 1024-bit blocks, performs 80 rounds, and produces a 512-bit output. 
+- all the arithmetic is done modulo $2^{64}$.
+- the initial hash state is different.
+
+The SHA-384 algorithm is a truncation of the SHA-512 output to 384 bits, and the only difference is that the initial hash state is different.
+
 ## Design Overview
 
-This chip produces an AIR that consists of 17 rows for each block (512 bits) in the message, and no more rows.
-The first 16 rows of each block are called 'round rows', and each of them represents four rounds of the SHA-256 algorithm.
-Each row constrains updates to the working variables on each round, and it also constrains the message schedule words based on previous rounds.
-The final row is called a 'digest row' and it produces a final hash for the block, computed as the sum of the working variables and the previous block's final hash.
+We reuse the same AIR code to produce circuits for all three algorithms.
+To achieve this, we parameterize the AIR by constants (such as the word size, number of rounds, and block size) that are specific to each algorithm.
+
+This chip produces an AIR that consists of $R+1$ rows for each block of the message, and no more rows
+(for SHA-256, $R = 16$ and for SHA-512 and SHA-384, $R = 20$).
+The first $R$ rows of each block are called 'round rows', and each of them constrains four rounds of the hash algorithm.
+Each row constrains updates to the working variables on each round, and also constrains the message schedule words based on previous rounds.
+The final row of each block is called a 'digest row' and it produces a final hash for the block, computed as the sum of the working variables and the previous block's final hash.
 
-Note that this chip only supports messages of length less than `2^29` bytes.
+Note that this chip only supports messages of length less than $2^{29}$ bytes.
 
 ### Storing working variables
 
@@ -50,7 +65,7 @@ Since we can reliably constrain values from four rounds ago, we can build up `in
 
 The last block of every message should have the `is_last_block` flag set to `1`.
 Note that `is_last_block` is not constrained to be true for the last block of every message, instead it *defines* what the last block of a message is.
-For instance, if we produce an air with 10 blocks and only the last block has `is_last_block = 1` then the constraints will interpret it as a single message of length 10 blocks.
+For instance, if we produce a trace with 10 blocks and only the last block has `is_last_block = 1` then the constraints will interpret it as a single message of length 10 blocks.
 If, however, we set `is_last_block` to true for the 6th block, the trace will be interpreted as hashing two messages, each of length 5 blocks.
 
 Note that we do constrain, however, that the very last block of the trace has `is_last_block = 1`.
@@ -63,11 +78,11 @@ We use this trick in several places in this chip.
 
 ### Block index counter variables
 
-There are two "block index" counter variables in each row of the air named `global_block_idx` and `local_block_idx`.
-Both of these variables take on the same value on all 17 rows in a block. 
+There are two "block index" counter variables in each row named `global_block_idx` and `local_block_idx`.
+Both of these variables take on the same value on all $R+1$ rows in a block. 
 
 The `global_block_idx` is the index of the block in the entire trace.
-The very first 17 rows in the trace will have `global_block_idx = 1` and the counter will increment by 1 between blocks.  
+The very first block in the trace will have `global_block_idx = 1` on each row and the counter will increment by 1 between blocks.  
 The padding rows will all have `global_block_idx = 0`.
 The `global_block_idx` is used in interaction constraints to constrain the value of `hash` between blocks.
 
@@ -79,15 +94,16 @@ The `local_block_idx` is used to calculate the length of the message processed s
 
 ### VM air vs SubAir
 
-The SHA-256 VM extension chip uses the `Sha256Air` SubAir to help constrain the SHA-256 hash.
-The VM extension air constrains the correctness of the SHA message padding, while the SubAir adds all other constraints related to the hash algorithm.
-The VM extension air also constrains memory reads and writes.
+The SHA-2 VM extension chip uses the `Sha2Air` SubAir to help constrain the appropriate SHA-2 hash algorithm.
+The SubAir is also parameterized by the specific SHA-2 variant's constants.
+The VM extension AIR constrains the correctness of the message padding, while the SubAir adds all other constraints related to the hash algorithm.
+The VM extension AIR also constrains memory reads and writes.
 
 ### A gotcha about padding rows
 
 There are two senses of the word padding used in the context of this chip and this can be confusing.
-First, we use padding to refer to the extra bits added to the message that is input to the SHA-256 algorithm in order to make the input's length a multiple of 512 bits.
-So, we may use the term 'padding rows' to refer to round rows that correspond to the padded bits of a message (as in `Sha256VmAir::eval_padding_row`).
+First, we use padding to refer to the extra bits added to the message that is input to the hash algorithm in order to make the input's length a multiple of the block size.
+So, we may use the term 'padding rows' to refer to round rows that correspond to the padded bits of a message (as in `Sha2VmAir::eval_padding_row`).
 Second, the dummy rows that are added to the trace to make the trace height a power of 2 are also called padding rows (see the `is_padding_row` flag).
 In the SubAir, padding row probably means dummy row.
-In the VM air, it probably refers to SHA-256 padding.
\ No newline at end of file
+In the VM air, it probably refers to the message padding.
\ No newline at end of file
diff --git a/extensions/sha256/circuit/src/extension.rs b/extensions/sha2/circuit/src/extension.rs
similarity index 61%
rename from extensions/sha256/circuit/src/extension.rs
rename to extensions/sha2/circuit/src/extension.rs
index 76a6c1ec0c..e67ce2be1a 100644
--- a/extensions/sha256/circuit/src/extension.rs
+++ b/extensions/sha2/circuit/src/extension.rs
@@ -13,15 +13,15 @@ use openvm_rv32im_circuit::{
     Rv32I, Rv32IExecutor, Rv32IPeriphery, Rv32Io, Rv32IoExecutor, Rv32IoPeriphery, Rv32M,
     Rv32MExecutor, Rv32MPeriphery,
 };
-use openvm_sha256_transpiler::Rv32Sha256Opcode;
+use openvm_sha2_air::{Sha256Config, Sha384Config, Sha512Config};
+use openvm_sha2_transpiler::Rv32Sha2Opcode;
 use openvm_stark_backend::p3_field::PrimeField32;
 use serde::{Deserialize, Serialize};
-use strum::IntoEnumIterator;
 
 use crate::*;
 
 #[derive(Clone, Debug, VmConfig, derive_new::new, Serialize, Deserialize)]
-pub struct Sha256Rv32Config {
+pub struct Sha2Rv32Config {
     #[system]
     pub system: SystemConfig,
     #[extension]
@@ -31,38 +31,40 @@ pub struct Sha256Rv32Config {
     #[extension]
     pub io: Rv32Io,
     #[extension]
-    pub sha256: Sha256,
+    pub sha2: Sha2,
 }
 
-impl Default for Sha256Rv32Config {
+impl Default for Sha2Rv32Config {
     fn default() -> Self {
         Self {
             system: SystemConfig::default().with_continuations(),
             rv32i: Rv32I,
             rv32m: Rv32M::default(),
             io: Rv32Io,
-            sha256: Sha256,
+            sha2: Sha2,
         }
     }
 }
 
 #[derive(Clone, Copy, Debug, Default, Serialize, Deserialize)]
-pub struct Sha256;
+pub struct Sha2;
 
 #[derive(ChipUsageGetter, Chip, InstructionExecutor, From, AnyEnum)]
-pub enum Sha256Executor<F: PrimeField32> {
-    Sha256(Sha256VmChip<F>),
+pub enum Sha2Executor<F: PrimeField32> {
+    Sha256(Sha2VmChip<F, Sha256Config>),
+    Sha512(Sha2VmChip<F, Sha512Config>),
+    Sha384(Sha2VmChip<F, Sha384Config>),
 }
 
 #[derive(From, ChipUsageGetter, Chip, AnyEnum)]
-pub enum Sha256Periphery<F: PrimeField32> {
+pub enum Sha2Periphery<F: PrimeField32> {
     BitwiseOperationLookup(SharedBitwiseOperationLookupChip<8>),
     Phantom(PhantomChip<F>),
 }
 
-impl<F: PrimeField32> VmExtension<F> for Sha256 {
-    type Executor = Sha256Executor<F>;
-    type Periphery = Sha256Periphery<F>;
+impl<F: PrimeField32> VmExtension<F> for Sha2 {
+    type Executor = Sha2Executor<F>;
+    type Periphery = Sha2Periphery<F>;
 
     fn build(
         &self,
@@ -81,18 +83,32 @@ impl<F: PrimeField32> VmExtension<F> for Sha256 {
             chip
         };
 
-        let sha256_chip = Sha256VmChip::new(
+        let sha256_chip = Sha2VmChip::<F, Sha256Config>::new(
+            builder.system_port(),
+            builder.system_config().memory_config.pointer_max_bits,
+            bitwise_lu_chip.clone(),
+            builder.new_bus_idx(),
+            builder.system_base().offline_memory(),
+        );
+        inventory.add_executor(sha256_chip, vec![Rv32Sha2Opcode::SHA256.global_opcode()])?;
+
+        let sha512_chip = Sha2VmChip::<F, Sha512Config>::new(
+            builder.system_port(),
+            builder.system_config().memory_config.pointer_max_bits,
+            bitwise_lu_chip.clone(),
+            builder.new_bus_idx(),
+            builder.system_base().offline_memory(),
+        );
+        inventory.add_executor(sha512_chip, vec![Rv32Sha2Opcode::SHA512.global_opcode()])?;
+
+        let sha384_chip = Sha2VmChip::<F, Sha384Config>::new(
             builder.system_port(),
             builder.system_config().memory_config.pointer_max_bits,
             bitwise_lu_chip,
             builder.new_bus_idx(),
-            Rv32Sha256Opcode::CLASS_OFFSET,
             builder.system_base().offline_memory(),
         );
-        inventory.add_executor(
-            sha256_chip,
-            Rv32Sha256Opcode::iter().map(|x| x.global_opcode()),
-        )?;
+        inventory.add_executor(sha384_chip, vec![Rv32Sha2Opcode::SHA384.global_opcode()])?;
 
         Ok(inventory)
     }
diff --git a/extensions/sha2/circuit/src/lib.rs b/extensions/sha2/circuit/src/lib.rs
new file mode 100644
index 0000000000..cc51aaaf20
--- /dev/null
+++ b/extensions/sha2/circuit/src/lib.rs
@@ -0,0 +1,5 @@
+mod sha2_chip;
+pub use sha2_chip::*;
+
+mod extension;
+pub use extension::*;
diff --git a/extensions/sha2/circuit/src/sha2_chip/air.rs b/extensions/sha2/circuit/src/sha2_chip/air.rs
new file mode 100644
index 0000000000..18cd0ebd1e
--- /dev/null
+++ b/extensions/sha2/circuit/src/sha2_chip/air.rs
@@ -0,0 +1,742 @@
+use std::{cmp::min, convert::TryInto};
+
+use openvm_circuit::{
+    arch::ExecutionBridge,
+    system::memory::{
+        offline_checker::{MemoryBridge, MemoryWriteAuxCols},
+        MemoryAddress,
+    },
+};
+use openvm_circuit_primitives::{
+    bitwise_op_lookup::BitwiseOperationLookupBus, encoder::Encoder, utils::not, SubAir,
+};
+use openvm_instructions::{
+    riscv::{RV32_CELL_BITS, RV32_MEMORY_AS, RV32_REGISTER_AS, RV32_REGISTER_NUM_LIMBS},
+    LocalOpcode,
+};
+use openvm_sha2_air::{compose, Sha256Config, Sha2Air, Sha512Config};
+use openvm_stark_backend::{
+    interaction::InteractionBuilder,
+    p3_air::{Air, AirBuilder, BaseAir},
+    p3_field::{Field, FieldAlgebra},
+    p3_matrix::Matrix,
+    rap::{BaseAirWithPublicValues, PartitionedBaseAir},
+};
+
+use super::{Sha2Variant, Sha2VmDigestColsRef, Sha2VmRoundColsRef, ShaChipConfig};
+
+/// Sha2VmAir does all constraints related to message padding and
+/// the Sha2Air subair constrains the actual hash
+#[derive(Clone, Debug, derive_new::new)]
+pub struct Sha2VmAir<C: ShaChipConfig> {
+    pub execution_bridge: ExecutionBridge,
+    pub memory_bridge: MemoryBridge,
+    /// Bus to send byte checks to
+    pub bitwise_lookup_bus: BitwiseOperationLookupBus,
+    /// Maximum number of bits allowed for an address pointer
+    /// Must be at least 24
+    pub ptr_max_bits: usize,
+    pub(super) sha_subair: Sha2Air<C>,
+    pub(super) padding_encoder: Encoder,
+}
+
+impl<F: Field, C: ShaChipConfig> BaseAirWithPublicValues<F> for Sha2VmAir<C> {}
+impl<F: Field, C: ShaChipConfig> PartitionedBaseAir<F> for Sha2VmAir<C> {}
+impl<F: Field, C: ShaChipConfig> BaseAir<F> for Sha2VmAir<C> {
+    fn width(&self) -> usize {
+        C::VM_WIDTH
+    }
+}
+
+impl<AB: InteractionBuilder, C: ShaChipConfig> Air<AB> for Sha2VmAir<C> {
+    fn eval(&self, builder: &mut AB) {
+        self.eval_padding(builder);
+        self.eval_transitions(builder);
+        self.eval_reads(builder);
+        self.eval_last_row(builder);
+
+        self.sha_subair.eval(builder, C::VM_CONTROL_WIDTH);
+    }
+}
+
+#[allow(dead_code, non_camel_case_types)]
+pub(super) enum PaddingFlags {
+    /// Not considered for padding - W's are not constrained
+    NotConsidered,
+    /// Not padding - W's should be equal to the message
+    NotPadding,
+    /// FIRST_PADDING_i: it is the first row with padding and there are i cells of non-padding
+    FirstPadding0,
+    FirstPadding1,
+    FirstPadding2,
+    FirstPadding3,
+    FirstPadding4,
+    FirstPadding5,
+    FirstPadding6,
+    FirstPadding7,
+    FirstPadding8,
+    FirstPadding9,
+    FirstPadding10,
+    FirstPadding11,
+    FirstPadding12,
+    FirstPadding13,
+    FirstPadding14,
+    FirstPadding15,
+    FirstPadding16,
+    FirstPadding17,
+    FirstPadding18,
+    FirstPadding19,
+    FirstPadding20,
+    FirstPadding21,
+    FirstPadding22,
+    FirstPadding23,
+    FirstPadding24,
+    FirstPadding25,
+    FirstPadding26,
+    FirstPadding27,
+    FirstPadding28,
+    FirstPadding29,
+    FirstPadding30,
+    FirstPadding31,
+    /// FIRST_PADDING_i_LastRow: it is the first row with padding and there are i cells of non-padding
+    ///                          AND it is the last reading row of the message
+    /// NOTE: if the Last row has padding it has to be at least 9 cells since the last 8 cells are padded with
+    /// the message length
+    FirstPadding0_LastRow,
+    FirstPadding1_LastRow,
+    FirstPadding2_LastRow,
+    FirstPadding3_LastRow,
+    FirstPadding4_LastRow,
+    FirstPadding5_LastRow,
+    FirstPadding6_LastRow,
+    FirstPadding7_LastRow,
+    FirstPadding8_LastRow,
+    FirstPadding9_LastRow,
+    FirstPadding10_LastRow,
+    FirstPadding11_LastRow,
+    FirstPadding12_LastRow,
+    FirstPadding13_LastRow,
+    FirstPadding14_LastRow,
+    FirstPadding15_LastRow,
+
+    /// The entire row is padding AND it is not the first row with padding
+    /// AND it is the 4th row of the last block of the message
+    EntirePaddingLastRow,
+    /// The entire row is padding AND it is not the first row with padding
+    EntirePadding,
+}
+
+impl PaddingFlags {
+    /// The number of padding flags (including NotConsidered)
+    pub const COUNT: usize = EntirePadding as usize + 1;
+}
+
+use PaddingFlags::*;
+impl<C: ShaChipConfig> Sha2VmAir<C> {
+    /// Implement all necessary constraints for the padding
+    fn eval_padding<AB: InteractionBuilder>(&self, builder: &mut AB) {
+        let main = builder.main();
+        let (local, next) = (main.row_slice(0), main.row_slice(1));
+        let local_cols = Sha2VmRoundColsRef::<AB::Var>::from::<C>(&local[..C::VM_ROUND_WIDTH]);
+        let next_cols = Sha2VmRoundColsRef::<AB::Var>::from::<C>(&next[..C::VM_ROUND_WIDTH]);
+
+        // Constrain the sanity of the padding flags
+        self.padding_encoder
+            .eval(builder, local_cols.control.pad_flags.as_slice().unwrap());
+
+        builder.assert_one(self.padding_encoder.contains_flag_range::<AB>(
+            local_cols.control.pad_flags.as_slice().unwrap(),
+            NotConsidered as usize..=EntirePadding as usize,
+        ));
+
+        Self::eval_padding_transitions(self, builder, &local_cols, &next_cols);
+        Self::eval_padding_row(self, builder, &local_cols);
+    }
+
+    fn eval_padding_transitions<AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: &Sha2VmRoundColsRef<AB::Var>,
+        next: &Sha2VmRoundColsRef<AB::Var>,
+    ) {
+        let next_is_last_row = *next.inner.flags.is_digest_row * *next.inner.flags.is_last_block;
+
+        // Constrain that `padding_occured` is 1 on a suffix of rows in each message, excluding the last
+        // digest row, and 0 everywhere else. Furthermore, the suffix starts in the first 4 rows of some block.
+
+        builder.assert_bool(*local.control.padding_occurred);
+        // Last round row in the last block has padding_occurred = 1
+        // This is the end of the suffix
+        builder
+            .when(next_is_last_row.clone())
+            .assert_one(*local.control.padding_occurred);
+
+        // Digest row in the last block has padding_occurred = 0
+        builder
+            .when(next_is_last_row.clone())
+            .assert_zero(*next.control.padding_occurred);
+
+        // If padding_occurred = 1 in the current row, then padding_occurred = 1 in the next row,
+        // unless next is the last digest row
+        builder
+            .when(*local.control.padding_occurred - next_is_last_row.clone())
+            .assert_one(*next.control.padding_occurred);
+
+        // If next row is not first 4 rows of a block, then next.padding_occurred = local.padding_occurred.
+        // So padding_occurred only changes in the first 4 rows of a block.
+        builder
+            .when_transition()
+            .when(not(*next.inner.flags.is_first_4_rows) - next_is_last_row)
+            .assert_eq(
+                *next.control.padding_occurred,
+                *local.control.padding_occurred,
+            );
+
+        // Constrain the that the start of the padding is correct
+        let next_is_first_padding_row =
+            *next.control.padding_occurred - *local.control.padding_occurred;
+        // Row index if its between 0..4, else 0
+        let next_row_idx = self.sha_subair.row_idx_encoder.flag_with_val::<AB>(
+            next.inner.flags.row_idx.as_slice().unwrap(),
+            &(0..C::MESSAGE_ROWS).map(|x| (x, x)).collect::<Vec<_>>(),
+        );
+        // How many non-padding cells there are in the next row.
+        // Will be 0 on non-padding rows.
+        let next_padding_offset = self.padding_encoder.flag_with_val::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            &(0..C::MAX_FIRST_PADDING + 1)
+                .map(|i| (FirstPadding0 as usize + i, i))
+                .collect::<Vec<_>>(),
+        ) + self.padding_encoder.flag_with_val::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            &(0..C::MAX_FIRST_PADDING_LAST_ROW + 1)
+                .map(|i| (FirstPadding0_LastRow as usize + i, i))
+                .collect::<Vec<_>>(),
+        );
+
+        // Will be 0 on last digest row since:
+        //   - padding_occurred = 0 is constrained above
+        //   - next_row_idx = 0 since row_idx is not in 0..4
+        //   - and next_padding_offset = 0 since `pad_flags = NotConsidered`
+        let expected_len = *next.inner.flags.local_block_idx
+            * *next.control.padding_occurred
+            * AB::Expr::from_canonical_usize(C::BLOCK_U8S)
+            + next_row_idx * AB::Expr::from_canonical_usize(C::READ_SIZE)
+            + next_padding_offset;
+
+        // Note: `next_is_first_padding_row` is either -1,0,1
+        // If 1, then this constrains the length of message
+        // If -1, then `next` must be the last digest row and so this constraint will be 0 == 0
+        builder.when(next_is_first_padding_row).assert_eq(
+            expected_len,
+            *next.control.len * *next.control.padding_occurred,
+        );
+
+        // Constrain the padding flags are of correct type (eg is not padding or first padding)
+        let is_next_first_padding = self.padding_encoder.contains_flag_range::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            FirstPadding0 as usize..=(FirstPadding15_LastRow as usize),
+        );
+
+        let is_next_last_padding = self.padding_encoder.contains_flag_range::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            FirstPadding0_LastRow as usize..=EntirePaddingLastRow as usize,
+        );
+
+        let is_next_entire_padding = self.padding_encoder.contains_flag_range::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            EntirePaddingLastRow as usize..=EntirePadding as usize,
+        );
+
+        let is_next_not_considered = self.padding_encoder.contains_flag::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            &[NotConsidered as usize],
+        );
+
+        let is_next_not_padding = self.padding_encoder.contains_flag::<AB>(
+            next.control.pad_flags.as_slice().unwrap(),
+            &[NotPadding as usize],
+        );
+
+        let is_next_4th_row = self
+            .sha_subair
+            .row_idx_encoder
+            .contains_flag::<AB>(next.inner.flags.row_idx.as_slice().unwrap(), &[3]);
+
+        // `pad_flags` is `NotConsidered` on all rows except the first 4 rows of a block
+        builder.assert_eq(
+            not(*next.inner.flags.is_first_4_rows),
+            is_next_not_considered,
+        );
+
+        // `pad_flags` is `EntirePadding` if the previous row is padding
+        builder.when(*next.inner.flags.is_first_4_rows).assert_eq(
+            *local.control.padding_occurred * *next.control.padding_occurred,
+            is_next_entire_padding,
+        );
+
+        // `pad_flags` is `FirstPadding*` if current row is padding and the previous row is not padding
+        builder.when(*next.inner.flags.is_first_4_rows).assert_eq(
+            not(*local.control.padding_occurred) * *next.control.padding_occurred,
+            is_next_first_padding,
+        );
+
+        // `pad_flags` is `NotPadding` if current row is not padding
+        builder
+            .when(*next.inner.flags.is_first_4_rows)
+            .assert_eq(not(*next.control.padding_occurred), is_next_not_padding);
+
+        // `pad_flags` is `*LastRow` on the row that contsrains the last four words of the message
+        builder
+            .when(*next.inner.flags.is_last_block)
+            .assert_eq(is_next_4th_row, is_next_last_padding);
+    }
+
+    fn eval_padding_row<AB: InteractionBuilder>(
+        &self,
+        builder: &mut AB,
+        local: &Sha2VmRoundColsRef<AB::Var>,
+    ) {
+        let message = (0..C::READ_SIZE)
+            .map(|i| {
+                local.inner.message_schedule.carry_or_buffer[[i / (C::WORD_U8S), i % (C::WORD_U8S)]]
+            })
+            .collect::<Vec<_>>();
+
+        let get_ith_byte = |i: usize| {
+            let word_idx = i / C::WORD_U8S;
+            let word = local
+                .inner
+                .message_schedule
+                .w
+                .row(word_idx)
+                .mapv(|x| x.into());
+            // Need to reverse the byte order to match the endianness of the memory
+            let byte_idx = C::WORD_U8S - i % C::WORD_U8S - 1;
+            compose::<AB::Expr>(
+                &word.as_slice().unwrap()[byte_idx * 8..(byte_idx + 1) * 8],
+                1,
+            )
+        };
+
+        let is_not_padding = self.padding_encoder.contains_flag::<AB>(
+            local.control.pad_flags.as_slice().unwrap(),
+            &[NotPadding as usize],
+        );
+
+        // Check the `w`s on case by case basis
+        for (i, message_byte) in message.iter().enumerate() {
+            let w = get_ith_byte(i);
+            let should_be_message = is_not_padding.clone()
+                + if i < C::MAX_FIRST_PADDING {
+                    self.padding_encoder.contains_flag_range::<AB>(
+                        local.control.pad_flags.as_slice().unwrap(),
+                        FirstPadding0 as usize + i + 1
+                            ..=FirstPadding0 as usize + C::MAX_FIRST_PADDING,
+                    )
+                } else {
+                    AB::Expr::ZERO
+                }
+                + if i < C::MAX_FIRST_PADDING_LAST_ROW {
+                    self.padding_encoder.contains_flag_range::<AB>(
+                        local.control.pad_flags.as_slice().unwrap(),
+                        FirstPadding0_LastRow as usize + i + 1
+                            ..=FirstPadding0_LastRow as usize + C::MAX_FIRST_PADDING_LAST_ROW,
+                    )
+                } else {
+                    AB::Expr::ZERO
+                };
+
+            builder
+                .when(should_be_message)
+                .assert_eq(w.clone(), *message_byte);
+
+            let should_be_zero = self.padding_encoder.contains_flag::<AB>(
+                local.control.pad_flags.as_slice().unwrap(),
+                &[EntirePadding as usize],
+            ) +
+            // - 4 because the last 4 bytes are the padded length
+            if i < C::CELLS_PER_ROW - 4 {
+                self.padding_encoder.contains_flag::<AB>(
+                    local.control.pad_flags.as_slice().unwrap(),
+                    &[EntirePaddingLastRow as usize],
+                ) + if i > 0 {
+                    self.padding_encoder.contains_flag_range::<AB>(
+                        local.control.pad_flags.as_slice().unwrap(),
+                        FirstPadding0_LastRow as usize
+                            ..=min(
+                                FirstPadding0_LastRow as usize + i - 1,
+                                FirstPadding0_LastRow as usize + C::MAX_FIRST_PADDING_LAST_ROW,
+                            ),
+                    )
+                } else {
+                    AB::Expr::ZERO
+                }
+            } else {
+                AB::Expr::ZERO
+            } + if i > 0 {
+                self.padding_encoder.contains_flag_range::<AB>(
+                    local.control.pad_flags.as_slice().unwrap(),
+                    FirstPadding0 as usize..=FirstPadding0 as usize + i - 1,
+                )
+            } else {
+                AB::Expr::ZERO
+            };
+            builder.when(should_be_zero).assert_zero(w.clone());
+
+            // Assumes bit-length of message is a multiple of 8 (message is bytes)
+            // This is true because the message is given as &[u8]
+            let should_be_128 = self.padding_encoder.contains_flag::<AB>(
+                local.control.pad_flags.as_slice().unwrap(),
+                &[FirstPadding0 as usize + i],
+            ) + if i < 8 {
+                self.padding_encoder.contains_flag::<AB>(
+                    local.control.pad_flags.as_slice().unwrap(),
+                    &[FirstPadding0_LastRow as usize + i],
+                )
+            } else {
+                AB::Expr::ZERO
+            };
+
+            builder
+                .when(should_be_128)
+                .assert_eq(AB::Expr::from_canonical_u32(1 << 7), w);
+
+            // should be len is handled outside of the loop
+        }
+        let appended_len = compose::<AB::Expr>(
+            &[
+                get_ith_byte(C::CELLS_PER_ROW - 1),
+                get_ith_byte(C::CELLS_PER_ROW - 2),
+                get_ith_byte(C::CELLS_PER_ROW - 3),
+                get_ith_byte(C::CELLS_PER_ROW - 4),
+            ],
+            RV32_CELL_BITS,
+        );
+
+        let actual_len = *local.control.len;
+
+        let is_last_padding_row = self.padding_encoder.contains_flag_range::<AB>(
+            local.control.pad_flags.as_slice().unwrap(),
+            FirstPadding0_LastRow as usize..=EntirePaddingLastRow as usize,
+        );
+
+        builder.when(is_last_padding_row.clone()).assert_eq(
+            appended_len * AB::F::from_canonical_usize(RV32_CELL_BITS).inverse(), // bit to byte conversion
+            actual_len,
+        );
+
+        // We constrain that the appended length is in bytes
+        builder.when(is_last_padding_row.clone()).assert_zero(
+            local.inner.message_schedule.w[[3, 0]]
+                + local.inner.message_schedule.w[[3, 1]]
+                + local.inner.message_schedule.w[[3, 2]],
+        );
+
+        // We can't support messages longer than 2^29 bytes because the length has to fit in a field element.
+        // So, constrain that the first 4 bytes of the length are 0.
+        // Thus, the bit-length is < 2^32 so the message is < 2^29 bytes.
+        for i in 8..12 {
+            builder
+                .when(is_last_padding_row.clone())
+                .assert_zero(get_ith_byte(i));
+        }
+    }
+    /// Implement constraints on `len`, `read_ptr` and `cur_timestamp`
+    fn eval_transitions<AB: InteractionBuilder>(&self, builder: &mut AB) {
+        let main = builder.main();
+        let (local, next) = (main.row_slice(0), main.row_slice(1));
+        let local_cols = Sha2VmRoundColsRef::<AB::Var>::from::<C>(&local[..C::VM_ROUND_WIDTH]);
+        let next_cols = Sha2VmRoundColsRef::<AB::Var>::from::<C>(&next[..C::VM_ROUND_WIDTH]);
+
+        let is_last_row =
+            *local_cols.inner.flags.is_last_block * *local_cols.inner.flags.is_digest_row;
+        // Len should be the same for the entire message
+        builder
+            .when_transition()
+            .when(not::<AB::Expr>(is_last_row.clone()))
+            .assert_eq(*next_cols.control.len, *local_cols.control.len);
+
+        // Read ptr should increment by [C::READ_SIZE] for the first 4 rows and stay the same otherwise
+        let read_ptr_delta =
+            *local_cols.inner.flags.is_first_4_rows * AB::Expr::from_canonical_usize(C::READ_SIZE);
+        builder
+            .when_transition()
+            .when(not::<AB::Expr>(is_last_row.clone()))
+            .assert_eq(
+                *next_cols.control.read_ptr,
+                *local_cols.control.read_ptr + read_ptr_delta,
+            );
+
+        // Timestamp should increment by 1 for the first 4 rows and stay the same otherwise
+        let timestamp_delta = *local_cols.inner.flags.is_first_4_rows * AB::Expr::ONE;
+        builder
+            .when_transition()
+            .when(not::<AB::Expr>(is_last_row.clone()))
+            .assert_eq(
+                *next_cols.control.cur_timestamp,
+                *local_cols.control.cur_timestamp + timestamp_delta,
+            );
+    }
+
+    /// Implement the reads for the first 4 rows of a block
+    fn eval_reads<AB: InteractionBuilder>(&self, builder: &mut AB) {
+        let main = builder.main();
+        let local = main.row_slice(0);
+        let local_cols = Sha2VmRoundColsRef::<AB::Var>::from::<C>(&local[..C::VM_ROUND_WIDTH]);
+
+        let message: Vec<AB::Var> = (0..C::READ_SIZE)
+            .map(|i| {
+                local_cols.inner.message_schedule.carry_or_buffer
+                    [[i / (C::WORD_U16S * 2), i % (C::WORD_U16S * 2)]]
+            })
+            .collect();
+
+        match C::VARIANT {
+            Sha2Variant::Sha256 => {
+                let message: [AB::Var; Sha256Config::READ_SIZE] =
+                    message.try_into().unwrap_or_else(|_| {
+                        panic!("message is not the correct size");
+                    });
+                self.memory_bridge
+                    .read(
+                        MemoryAddress::new(
+                            AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
+                            *local_cols.control.read_ptr,
+                        ),
+                        message,
+                        *local_cols.control.cur_timestamp,
+                        local_cols.read_aux,
+                    )
+                    .eval(builder, *local_cols.inner.flags.is_first_4_rows);
+            }
+            // Sha512 and Sha384 have the same read size so we put them together
+            Sha2Variant::Sha512 | Sha2Variant::Sha384 => {
+                let message: [AB::Var; Sha512Config::READ_SIZE] =
+                    message.try_into().unwrap_or_else(|_| {
+                        panic!("message is not the correct size");
+                    });
+                self.memory_bridge
+                    .read(
+                        MemoryAddress::new(
+                            AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
+                            *local_cols.control.read_ptr,
+                        ),
+                        message,
+                        *local_cols.control.cur_timestamp,
+                        local_cols.read_aux,
+                    )
+                    .eval(builder, *local_cols.inner.flags.is_first_4_rows);
+            }
+        }
+    }
+    /// Implement the constraints for the last row of a message
+    fn eval_last_row<AB: InteractionBuilder>(&self, builder: &mut AB) {
+        let main = builder.main();
+        let local = main.row_slice(0);
+        let local_cols = Sha2VmDigestColsRef::<AB::Var>::from::<C>(&local[..C::VM_DIGEST_WIDTH]);
+
+        let timestamp: AB::Var = local_cols.from_state.timestamp;
+        let mut timestamp_delta: usize = 0;
+        let mut timestamp_pp = || {
+            timestamp_delta += 1;
+            timestamp + AB::Expr::from_canonical_usize(timestamp_delta - 1)
+        };
+
+        let is_last_row =
+            *local_cols.inner.flags.is_last_block * *local_cols.inner.flags.is_digest_row;
+
+        let dst_ptr: [AB::Var; RV32_REGISTER_NUM_LIMBS] =
+            local_cols.dst_ptr.to_vec().try_into().unwrap_or_else(|_| {
+                panic!("dst_ptr is not the correct size");
+            });
+        self.memory_bridge
+            .read(
+                MemoryAddress::new(
+                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
+                    *local_cols.rd_ptr,
+                ),
+                dst_ptr,
+                timestamp_pp(),
+                &local_cols.register_reads_aux[0],
+            )
+            .eval(builder, is_last_row.clone());
+
+        let src_ptr: [AB::Var; RV32_REGISTER_NUM_LIMBS] =
+            local_cols.src_ptr.to_vec().try_into().unwrap_or_else(|_| {
+                panic!("src_ptr is not the correct size");
+            });
+        self.memory_bridge
+            .read(
+                MemoryAddress::new(
+                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
+                    *local_cols.rs1_ptr,
+                ),
+                src_ptr,
+                timestamp_pp(),
+                &local_cols.register_reads_aux[1],
+            )
+            .eval(builder, is_last_row.clone());
+
+        let len_data: [AB::Var; RV32_REGISTER_NUM_LIMBS] =
+            local_cols.len_data.to_vec().try_into().unwrap_or_else(|_| {
+                panic!("len_data is not the correct size");
+            });
+        self.memory_bridge
+            .read(
+                MemoryAddress::new(
+                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
+                    *local_cols.rs2_ptr,
+                ),
+                len_data,
+                timestamp_pp(),
+                &local_cols.register_reads_aux[2],
+            )
+            .eval(builder, is_last_row.clone());
+        // range check that the memory pointers don't overflow
+        // Note: no need to range check the length since we read from memory step by step and
+        //       the memory bus will catch any memory accesses beyond ptr_max_bits
+        let shift = AB::Expr::from_canonical_usize(
+            1 << (RV32_REGISTER_NUM_LIMBS * RV32_CELL_BITS - self.ptr_max_bits),
+        );
+        // This only works if self.ptr_max_bits >= 24 which is typically the case
+        self.bitwise_lookup_bus
+            .send_range(
+                // It is fine to shift like this since we already know that dst_ptr and src_ptr have [RV32_CELL_BITS] bits
+                local_cols.dst_ptr[RV32_REGISTER_NUM_LIMBS - 1] * shift.clone(),
+                local_cols.src_ptr[RV32_REGISTER_NUM_LIMBS - 1] * shift.clone(),
+            )
+            .eval(builder, is_last_row.clone());
+
+        // the number of reads that happened to read the entire message: we do 4 reads per block
+        let time_delta = (*local_cols.inner.flags.local_block_idx + AB::Expr::ONE)
+            * AB::Expr::from_canonical_usize(4);
+        // Every time we read the message we increment the read pointer by C::READ_SIZE
+        let read_ptr_delta = time_delta.clone() * AB::Expr::from_canonical_usize(C::READ_SIZE);
+
+        let result: Vec<AB::Var> = (0..C::HASH_SIZE)
+            .map(|i| {
+                // The limbs are written in big endian order to the memory so need to be reversed
+                local_cols.inner.final_hash[[i / C::WORD_U8S, C::WORD_U8S - i % C::WORD_U8S - 1]]
+            })
+            .collect();
+
+        let dst_ptr_val = compose::<AB::Expr>(
+            local_cols.dst_ptr.mapv(|x| x.into()).as_slice().unwrap(),
+            RV32_CELL_BITS,
+        );
+
+        match C::VARIANT {
+            Sha2Variant::Sha256 => {
+                debug_assert_eq!(C::NUM_WRITES, 1);
+                debug_assert_eq!(local_cols.writes_aux_base.len(), 1);
+                debug_assert_eq!(local_cols.writes_aux_prev_data.nrows(), 1);
+                let prev_data: [AB::Var; Sha256Config::HASH_SIZE] = local_cols
+                    .writes_aux_prev_data
+                    .row(0)
+                    .to_vec()
+                    .try_into()
+                    .unwrap_or_else(|_| {
+                        panic!("writes_aux_prev_data is not the correct size");
+                    });
+                // Note: revisit in the future to do 2 block writes of 16 cells instead of 1 block write of 32 cells
+                //       This could be beneficial as the output is often an input for another hash
+                self.memory_bridge
+                    .write(
+                        MemoryAddress::new(
+                            AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
+                            dst_ptr_val,
+                        ),
+                        result.try_into().unwrap_or_else(|_| {
+                            panic!("result is not the correct size");
+                        }),
+                        timestamp_pp() + time_delta.clone(),
+                        &MemoryWriteAuxCols::from_base(local_cols.writes_aux_base[0], prev_data),
+                    )
+                    .eval(builder, is_last_row.clone());
+            }
+            Sha2Variant::Sha512 | Sha2Variant::Sha384 => {
+                debug_assert_eq!(C::NUM_WRITES, 2);
+                debug_assert_eq!(local_cols.writes_aux_base.len(), 2);
+                debug_assert_eq!(local_cols.writes_aux_prev_data.nrows(), 2);
+
+                // For Sha384, set the last 16 cells to 0
+                let mut truncated_result: Vec<AB::Expr> =
+                    result.iter().map(|x| (*x).into()).collect();
+                for x in truncated_result.iter_mut().skip(C::DIGEST_SIZE) {
+                    *x = AB::Expr::ZERO;
+                }
+
+                // write the digest in two halves because we only support writes up to 32 bytes
+                for i in 0..Sha512Config::NUM_WRITES {
+                    let prev_data: [AB::Var; Sha512Config::WRITE_SIZE] = local_cols
+                        .writes_aux_prev_data
+                        .row(i)
+                        .to_vec()
+                        .try_into()
+                        .unwrap_or_else(|_| {
+                            panic!("writes_aux_prev_data is not the correct size");
+                        });
+
+                    self.memory_bridge
+                        .write(
+                            MemoryAddress::new(
+                                AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
+                                dst_ptr_val.clone()
+                                    + AB::Expr::from_canonical_usize(i * Sha512Config::WRITE_SIZE),
+                            ),
+                            truncated_result
+                                [i * Sha512Config::WRITE_SIZE..(i + 1) * Sha512Config::WRITE_SIZE]
+                                .to_vec()
+                                .try_into()
+                                .unwrap_or_else(|_| {
+                                    panic!("result is not the correct size");
+                                }),
+                            timestamp_pp() + time_delta.clone(),
+                            &MemoryWriteAuxCols::from_base(
+                                local_cols.writes_aux_base[i],
+                                prev_data,
+                            ),
+                        )
+                        .eval(builder, is_last_row.clone());
+                }
+            }
+        }
+        self.execution_bridge
+            .execute_and_increment_pc(
+                AB::Expr::from_canonical_usize(C::OPCODE.global_opcode().as_usize()),
+                [
+                    <AB::Var as Into<AB::Expr>>::into(*local_cols.rd_ptr),
+                    <AB::Var as Into<AB::Expr>>::into(*local_cols.rs1_ptr),
+                    <AB::Var as Into<AB::Expr>>::into(*local_cols.rs2_ptr),
+                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
+                    AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
+                ],
+                *local_cols.from_state,
+                AB::Expr::from_canonical_usize(timestamp_delta) + time_delta.clone(),
+            )
+            .eval(builder, is_last_row.clone());
+
+        // Assert that we read the correct length of the message
+        let len_val = compose::<AB::Expr>(
+            local_cols.len_data.mapv(|x| x.into()).as_slice().unwrap(),
+            RV32_CELL_BITS,
+        );
+        builder
+            .when(is_last_row.clone())
+            .assert_eq(*local_cols.control.len, len_val);
+        // Assert that we started reading from the correct pointer initially
+        let src_val = compose::<AB::Expr>(
+            local_cols.src_ptr.mapv(|x| x.into()).as_slice().unwrap(),
+            RV32_CELL_BITS,
+        );
+        builder
+            .when(is_last_row.clone())
+            .assert_eq(*local_cols.control.read_ptr, src_val + read_ptr_delta);
+        // Assert that we started reading from the correct timestamp
+        builder.when(is_last_row.clone()).assert_eq(
+            *local_cols.control.cur_timestamp,
+            local_cols.from_state.timestamp + AB::Expr::from_canonical_u32(3) + time_delta,
+        );
+    }
+}
diff --git a/extensions/sha2/circuit/src/sha2_chip/columns.rs b/extensions/sha2/circuit/src/sha2_chip/columns.rs
new file mode 100644
index 0000000000..96b8313476
--- /dev/null
+++ b/extensions/sha2/circuit/src/sha2_chip/columns.rs
@@ -0,0 +1,102 @@
+//! WARNING: the order of fields in the structs is important, do not change it
+
+use openvm_circuit::{
+    arch::ExecutionState,
+    system::memory::offline_checker::{MemoryBaseAuxCols, MemoryReadAuxCols},
+};
+use openvm_circuit_primitives_derive::ColsRef;
+use openvm_instructions::riscv::RV32_REGISTER_NUM_LIMBS;
+use openvm_sha2_air::{
+    ShaDigestCols, ShaDigestColsRef, ShaDigestColsRefMut, ShaRoundCols, ShaRoundColsRef,
+    ShaRoundColsRefMut,
+};
+
+use super::SHA_REGISTER_READS;
+use crate::ShaChipConfig;
+
+/// the first C::ROUND_ROWS rows of every SHA block will be of type ShaVmRoundCols and the last row will be of type ShaVmDigestCols
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(ShaChipConfig)]
+pub struct Sha2VmRoundCols<
+    T,
+    const WORD_BITS: usize,
+    const WORD_U8S: usize,
+    const WORD_U16S: usize,
+    const ROUNDS_PER_ROW: usize,
+    const ROUNDS_PER_ROW_MINUS_ONE: usize,
+    const ROW_VAR_CNT: usize,
+> {
+    pub control: Sha2VmControlCols<T>,
+    pub inner: ShaRoundCols<
+        T,
+        WORD_BITS,
+        WORD_U8S,
+        WORD_U16S,
+        ROUNDS_PER_ROW,
+        ROUNDS_PER_ROW_MINUS_ONE,
+        ROW_VAR_CNT,
+    >,
+    #[aligned_borrow]
+    pub read_aux: MemoryReadAuxCols<T>,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(ShaChipConfig)]
+pub struct Sha2VmDigestCols<
+    T,
+    const WORD_BITS: usize,
+    const WORD_U8S: usize,
+    const WORD_U16S: usize,
+    const HASH_WORDS: usize,
+    const ROUNDS_PER_ROW: usize,
+    const ROUNDS_PER_ROW_MINUS_ONE: usize,
+    const ROW_VAR_CNT: usize,
+    const NUM_WRITES: usize,
+    const WRITE_SIZE: usize,
+> {
+    pub control: Sha2VmControlCols<T>,
+    pub inner: ShaDigestCols<
+        T,
+        WORD_BITS,
+        WORD_U8S,
+        WORD_U16S,
+        HASH_WORDS,
+        ROUNDS_PER_ROW,
+        ROUNDS_PER_ROW_MINUS_ONE,
+        ROW_VAR_CNT,
+    >,
+    #[aligned_borrow]
+    pub from_state: ExecutionState<T>,
+    /// It is counter intuitive, but we will constrain the register reads on the very last row of every message
+    pub rd_ptr: T,
+    pub rs1_ptr: T,
+    pub rs2_ptr: T,
+    pub dst_ptr: [T; RV32_REGISTER_NUM_LIMBS],
+    pub src_ptr: [T; RV32_REGISTER_NUM_LIMBS],
+    pub len_data: [T; RV32_REGISTER_NUM_LIMBS],
+    #[aligned_borrow]
+    pub register_reads_aux: [MemoryReadAuxCols<T>; SHA_REGISTER_READS],
+    // We store the fields of MemoryWriteAuxCols here because the length of prev_data depends on the sha variant
+    #[aligned_borrow]
+    pub writes_aux_base: [MemoryBaseAuxCols<T>; NUM_WRITES],
+    pub writes_aux_prev_data: [[T; WRITE_SIZE]; NUM_WRITES],
+}
+
+/// These are the columns that are used on both round and digest rows
+#[repr(C)]
+#[derive(Clone, Copy, Debug, ColsRef)]
+#[config(ShaChipConfig)]
+pub struct Sha2VmControlCols<T> {
+    /// Note: We will use the buffer in `inner.message_schedule` as the message data
+    /// This is the length of the entire message in bytes
+    pub len: T,
+    /// Need to keep timestamp and read_ptr since block reads don't have the necessary information
+    pub cur_timestamp: T,
+    pub read_ptr: T,
+    /// Padding flags which will be used to encode the the number of non-padding cells in the current row
+    pub pad_flags: [T; 9],
+    /// A boolean flag that indicates whether a padding already occurred
+    pub padding_occurred: T,
+}
diff --git a/extensions/sha2/circuit/src/sha2_chip/config.rs b/extensions/sha2/circuit/src/sha2_chip/config.rs
new file mode 100644
index 0000000000..86bd14bcf3
--- /dev/null
+++ b/extensions/sha2/circuit/src/sha2_chip/config.rs
@@ -0,0 +1,93 @@
+use openvm_instructions::riscv::RV32_CELL_BITS;
+use openvm_sha2_air::{Sha256Config, Sha2Config, Sha384Config, Sha512Config};
+use openvm_sha2_transpiler::Rv32Sha2Opcode;
+
+use super::{Sha2VmControlColsRef, Sha2VmDigestColsRef, Sha2VmRoundColsRef};
+
+pub enum Sha2Variant {
+    Sha256,
+    Sha512,
+    Sha384,
+}
+
+pub trait ShaChipConfig: Sha2Config {
+    // Differentiate between the two SHA256 variants
+    const VARIANT: Sha2Variant;
+    // Name of the opcode
+    const OPCODE_NAME: &'static str;
+    /// Width of the ShaVmControlCols
+    const VM_CONTROL_WIDTH: usize = Sha2VmControlColsRef::<u8>::width::<Self>();
+    /// Width of the ShaVmRoundCols
+    const VM_ROUND_WIDTH: usize = Sha2VmRoundColsRef::<u8>::width::<Self>();
+    /// Width of the ShaVmDigestCols
+    const VM_DIGEST_WIDTH: usize = Sha2VmDigestColsRef::<u8>::width::<Self>();
+    /// Width of the ShaVmCols
+    const VM_WIDTH: usize = if Self::VM_ROUND_WIDTH > Self::VM_DIGEST_WIDTH {
+        Self::VM_ROUND_WIDTH
+    } else {
+        Self::VM_DIGEST_WIDTH
+    };
+    /// Number of bits to use when padding the message length
+    const MESSAGE_LENGTH_BITS: usize;
+    /// Maximum i such that `FirstPadding_i` is a valid padding flag
+    const MAX_FIRST_PADDING: usize = Self::CELLS_PER_ROW - 1;
+    /// Maximum i such that `FirstPadding_i_LastRow` is a valid padding flag
+    const MAX_FIRST_PADDING_LAST_ROW: usize =
+        Self::CELLS_PER_ROW - Self::MESSAGE_LENGTH_BITS / 8 - 1;
+    /// OpenVM Opcode for the instruction
+    const OPCODE: Rv32Sha2Opcode;
+
+    // ==== Constants for register/memory adapter ====
+    // Number of rv32 cells read in a SHA256 block
+    const BLOCK_CELLS: usize = Self::BLOCK_BITS / RV32_CELL_BITS;
+    /// Number of rows we will do a read on for each SHA256 block
+    const NUM_READ_ROWS: usize = Self::MESSAGE_ROWS;
+
+    /// Number of cells to read in a single memory access
+    const READ_SIZE: usize = Self::WORD_U8S * Self::ROUNDS_PER_ROW;
+    /// Number of cells in the digest before truncation (Sha384 truncates the digest)
+    const HASH_SIZE: usize = Self::WORD_U8S * Self::HASH_WORDS;
+    /// Number of cells in the digest after truncation
+    const DIGEST_SIZE: usize;
+
+    /// Number of parts to write the hash in. Must divide HASH_SIZE
+    const NUM_WRITES: usize;
+    /// Size of each write
+    const WRITE_SIZE: usize = Self::HASH_SIZE / Self::NUM_WRITES;
+}
+
+/// Register reads to get dst, src, len
+pub const SHA_REGISTER_READS: usize = 3;
+
+impl ShaChipConfig for Sha256Config {
+    const VARIANT: Sha2Variant = Sha2Variant::Sha256;
+    const OPCODE_NAME: &'static str = "SHA256";
+    const MESSAGE_LENGTH_BITS: usize = 64;
+    const NUM_WRITES: usize = 1;
+    const OPCODE: Rv32Sha2Opcode = Rv32Sha2Opcode::SHA256;
+    // no truncation
+    const DIGEST_SIZE: usize = Self::HASH_SIZE;
+}
+
+// Currently same as Sha256Config, but can configure later
+impl ShaChipConfig for Sha512Config {
+    const VARIANT: Sha2Variant = Sha2Variant::Sha512;
+    const OPCODE_NAME: &'static str = "SHA512";
+    const MESSAGE_LENGTH_BITS: usize = 128;
+    // Use 2 writes because we only support writes up to 32 bytes
+    const NUM_WRITES: usize = 2;
+    const OPCODE: Rv32Sha2Opcode = Rv32Sha2Opcode::SHA512;
+    // no truncation
+    const DIGEST_SIZE: usize = Self::HASH_SIZE;
+}
+
+impl ShaChipConfig for Sha384Config {
+    const VARIANT: Sha2Variant = Sha2Variant::Sha384;
+    const OPCODE_NAME: &'static str = "SHA384";
+    const MESSAGE_LENGTH_BITS: usize = 128;
+    // Use 2 writes because we only support writes up to 32 bytes
+    const NUM_WRITES: usize = 2;
+    const OPCODE: Rv32Sha2Opcode = Rv32Sha2Opcode::SHA384;
+    // Sha284 truncates the output to 48 cells
+    const DIGEST_SIZE: usize = 48;
+}
diff --git a/extensions/sha2/circuit/src/sha2_chip/mod.rs b/extensions/sha2/circuit/src/sha2_chip/mod.rs
new file mode 100644
index 0000000000..00c132e41e
--- /dev/null
+++ b/extensions/sha2/circuit/src/sha2_chip/mod.rs
@@ -0,0 +1,280 @@
+//! Sha256 hasher. Handles full sha256 hashing with padding.
+//! variable length inputs read from VM memory.
+use std::{
+    cmp::{max, min},
+    sync::{Arc, Mutex},
+};
+
+use openvm_circuit::arch::{
+    ExecutionBridge, ExecutionError, ExecutionState, InstructionExecutor, SystemPort,
+};
+use openvm_circuit_primitives::{
+    bitwise_op_lookup::SharedBitwiseOperationLookupChip, encoder::Encoder,
+};
+use openvm_instructions::{
+    instruction::Instruction,
+    program::DEFAULT_PC_STEP,
+    riscv::{RV32_MEMORY_AS, RV32_REGISTER_AS},
+};
+use openvm_rv32im_circuit::adapters::read_rv32_register;
+use openvm_sha2_air::{Sha256Config, Sha2Air, Sha512Config};
+use openvm_stark_backend::{interaction::BusIndex, p3_field::PrimeField32};
+use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256, Sha384, Sha512};
+
+mod air;
+mod columns;
+mod config;
+mod trace;
+
+pub use air::*;
+pub use columns::*;
+pub use config::*;
+use openvm_circuit::system::memory::{MemoryController, OfflineMemory, RecordId};
+
+#[cfg(test)]
+mod tests;
+
+pub struct Sha2VmChip<F: PrimeField32, C: ShaChipConfig> {
+    pub air: Sha2VmAir<C>,
+    /// IO and memory data necessary for each opcode call
+    pub records: Vec<Sha2Record<F>>,
+    pub offline_memory: Arc<Mutex<OfflineMemory<F>>>,
+    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+}
+
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
+pub struct Sha2Record<F> {
+    pub from_state: ExecutionState<F>,
+    pub dst_read: RecordId,
+    pub src_read: RecordId,
+    pub len_read: RecordId,
+    pub input_records: Vec<Vec<RecordId>>, // type is like Vec<[RecordId; C::NUM_READ_ROWS]>
+    pub input_message: Vec<Vec<Vec<u8>>>, // type is like Vec<[[u8; C::SHA256_READ_SIZE]; C::SHA256_NUM_READ_ROWS]>
+    pub digest_writes: Vec<RecordId>,     // one write for sha256, two for sha512 and sha384
+}
+
+impl<F: PrimeField32, C: ShaChipConfig> Sha2VmChip<F, C> {
+    pub fn new(
+        SystemPort {
+            execution_bus,
+            program_bus,
+            memory_bridge,
+        }: SystemPort,
+        address_bits: usize,
+        bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
+        self_bus_idx: BusIndex,
+        offline_memory: Arc<Mutex<OfflineMemory<F>>>,
+    ) -> Self {
+        Self {
+            air: Sha2VmAir::new(
+                ExecutionBridge::new(execution_bus, program_bus),
+                memory_bridge,
+                bitwise_lookup_chip.bus(),
+                address_bits,
+                Sha2Air::<C>::new(bitwise_lookup_chip.bus(), self_bus_idx),
+                Encoder::new(PaddingFlags::COUNT, 2, false),
+            ),
+            bitwise_lookup_chip,
+            records: Vec::new(),
+            offline_memory,
+        }
+    }
+}
+
+impl<F: PrimeField32, C: ShaChipConfig> InstructionExecutor<F> for Sha2VmChip<F, C> {
+    fn execute(
+        &mut self,
+        memory: &mut MemoryController<F>,
+        instruction: &Instruction<F>,
+        from_state: ExecutionState<u32>,
+    ) -> Result<ExecutionState<u32>, ExecutionError> {
+        let &Instruction { a, b, c, d, e, .. } = instruction;
+        debug_assert_eq!(d, F::from_canonical_u32(RV32_REGISTER_AS));
+        debug_assert_eq!(e, F::from_canonical_u32(RV32_MEMORY_AS));
+
+        debug_assert_eq!(from_state.timestamp, memory.timestamp());
+
+        let (dst_read, dst) = read_rv32_register(memory, d, a);
+        let (src_read, src) = read_rv32_register(memory, d, b);
+        let (len_read, len) = read_rv32_register(memory, d, c);
+
+        #[cfg(debug_assertions)]
+        {
+            assert!(dst < (1 << self.air.ptr_max_bits));
+            assert!(src < (1 << self.air.ptr_max_bits));
+            assert!(len < (1 << self.air.ptr_max_bits));
+        }
+
+        // need to pad with one 1 bit, [C::MESSAGE_LENGTH_BITS] bits for the message length and then pad until the length is divisible by [C::BLOCK_BITS]
+        let num_blocks = ((len << 3) as usize + 1 + C::MESSAGE_LENGTH_BITS).div_ceil(C::BLOCK_BITS);
+
+        // we will read [num_blocks] * [C::BLOCK_CELLS] cells but only [len] cells will be used
+        debug_assert!(src as usize + num_blocks * C::BLOCK_CELLS <= (1 << self.air.ptr_max_bits));
+
+        let hash_result: HashResult = match C::VARIANT {
+            Sha2Variant::Sha256 => {
+                let hasher = Sha256::new();
+                execute_hash::<F, C, Sha256>(hasher, num_blocks, src, len, dst, memory, e)
+            }
+            Sha2Variant::Sha512 => {
+                let hasher = Sha512::new();
+                execute_hash::<F, C, Sha512>(hasher, num_blocks, src, len, dst, memory, e)
+            }
+            Sha2Variant::Sha384 => {
+                let hasher = Sha384::new();
+                execute_hash::<F, C, Sha384>(hasher, num_blocks, src, len, dst, memory, e)
+            }
+        };
+
+        self.records.push(Sha2Record {
+            from_state: from_state.map(F::from_canonical_u32),
+            dst_read,
+            src_read,
+            len_read,
+            input_records: hash_result.input_records,
+            input_message: hash_result.input_message,
+            digest_writes: hash_result.digest_writes,
+        });
+
+        Ok(ExecutionState {
+            pc: from_state.pc + DEFAULT_PC_STEP,
+            timestamp: memory.timestamp(),
+        })
+    }
+
+    fn get_opcode_name(&self, _: usize) -> String {
+        C::OPCODE_NAME.to_string()
+    }
+}
+
+struct HashResult {
+    input_records: Vec<Vec<RecordId>>,
+    input_message: Vec<Vec<Vec<u8>>>,
+    digest_writes: Vec<RecordId>,
+}
+fn execute_hash<F: PrimeField32, C: ShaChipConfig, H: Digest>(
+    mut hasher: H,
+    num_blocks: usize,
+    src: u32,
+    len: u32,
+    dst: u32,
+    memory: &mut MemoryController<F>,
+    address_space: F,
+) -> HashResult {
+    let mut input_records: Vec<Vec<RecordId>> = Vec::with_capacity(num_blocks * C::NUM_READ_ROWS);
+    let mut input_message = Vec::with_capacity(num_blocks * C::NUM_READ_ROWS);
+    let mut read_ptr = src;
+    for _ in 0..num_blocks {
+        let block_reads_records = (0..C::NUM_READ_ROWS)
+            .map(|i| match C::VARIANT {
+                Sha2Variant::Sha256 => {
+                    let (id, data) = memory.read::<{ Sha256Config::READ_SIZE }>(
+                        address_space,
+                        F::from_canonical_u32(read_ptr + (i * C::READ_SIZE) as u32),
+                    );
+                    (id, data.to_vec())
+                }
+                Sha2Variant::Sha512 | Sha2Variant::Sha384 => {
+                    let (id, data) = memory.read::<{ Sha512Config::READ_SIZE }>(
+                        address_space,
+                        F::from_canonical_u32(read_ptr + (i * C::READ_SIZE) as u32),
+                    );
+                    (id, data.to_vec())
+                }
+            })
+            .collect::<Vec<_>>();
+        let block_reads_bytes = (0..C::NUM_READ_ROWS)
+            .map(|i| {
+                // we add to the hasher only the bytes that are part of the message
+                let num_reads = min(C::READ_SIZE, (max(read_ptr, src + len) - read_ptr) as usize);
+                let row_input: &[u8] = &block_reads_records[i]
+                    .1
+                    .iter()
+                    .map(|x| x.as_canonical_u32().try_into().unwrap())
+                    .collect::<Vec<_>>();
+                hasher.update(&row_input[..num_reads]);
+                read_ptr += C::READ_SIZE as u32;
+                row_input.to_vec()
+            })
+            .collect::<Vec<_>>();
+        input_records.push(block_reads_records.into_iter().map(|x| x.0).collect());
+        input_message.push(block_reads_bytes);
+    }
+
+    let mut digest = vec![0u8; C::DIGEST_SIZE];
+    digest.copy_from_slice(hasher.finalize().as_ref());
+    // Pad with zeros
+    digest.resize(C::HASH_SIZE, 0);
+
+    match C::VARIANT {
+        Sha2Variant::Sha256 => {
+            debug_assert_eq!(C::NUM_WRITES, 1);
+            let (digest_write, _) = memory.write::<{ Sha256Config::DIGEST_SIZE }>(
+                address_space,
+                F::from_canonical_u32(dst),
+                digest
+                    .iter()
+                    .map(|b| F::from_canonical_u8(*b))
+                    .collect::<Vec<_>>()
+                    .try_into()
+                    .unwrap(),
+            );
+            HashResult {
+                input_records,
+                input_message,
+                digest_writes: vec![digest_write],
+            }
+        }
+        Sha2Variant::Sha512 | Sha2Variant::Sha384 => {
+            debug_assert_eq!(C::NUM_WRITES, 2);
+            // write the digest in two halves because we only support writes up to 32 bytes
+            let digest = digest
+                .iter()
+                .map(|b| F::from_canonical_u8(*b))
+                .collect::<Vec<_>>();
+            let mut digest_writes = Vec::with_capacity(C::NUM_WRITES);
+            for i in 0..C::NUM_WRITES {
+                let (digest_write, _) = memory.write::<{ Sha512Config::WRITE_SIZE }>(
+                    address_space,
+                    F::from_canonical_usize(dst as usize + i * Sha512Config::WRITE_SIZE),
+                    digest[i * Sha512Config::WRITE_SIZE..(i + 1) * Sha512Config::WRITE_SIZE]
+                        .try_into()
+                        .unwrap(),
+                );
+                digest_writes.push(digest_write);
+            }
+            HashResult {
+                input_records,
+                input_message,
+                digest_writes,
+            }
+        }
+    }
+}
+
+pub fn sha2_solve<C: ShaChipConfig>(input_message: &[u8]) -> Vec<u8> {
+    match C::VARIANT {
+        Sha2Variant::Sha256 => {
+            let mut hasher = Sha256::new();
+            hasher.update(input_message);
+            let mut output = vec![0u8; C::DIGEST_SIZE];
+            output.copy_from_slice(hasher.finalize().as_ref());
+            output
+        }
+        Sha2Variant::Sha512 => {
+            let mut hasher = Sha512::new();
+            hasher.update(input_message);
+            let mut output = vec![0u8; C::DIGEST_SIZE];
+            output.copy_from_slice(hasher.finalize().as_ref());
+            output
+        }
+        Sha2Variant::Sha384 => {
+            let mut hasher = Sha384::new();
+            hasher.update(input_message);
+            let mut output = vec![0u8; C::DIGEST_SIZE];
+            output.copy_from_slice(hasher.finalize().as_ref());
+            output
+        }
+    }
+}
diff --git a/extensions/sha256/circuit/src/sha256_chip/tests.rs b/extensions/sha2/circuit/src/sha2_chip/tests.rs
similarity index 55%
rename from extensions/sha256/circuit/src/sha256_chip/tests.rs
rename to extensions/sha2/circuit/src/sha2_chip/tests.rs
index 55bc076e2c..9279e7d019 100644
--- a/extensions/sha256/circuit/src/sha256_chip/tests.rs
+++ b/extensions/sha2/circuit/src/sha2_chip/tests.rs
@@ -6,22 +6,22 @@ use openvm_circuit_primitives::bitwise_op_lookup::{
     BitwiseOperationLookupBus, SharedBitwiseOperationLookupChip,
 };
 use openvm_instructions::{instruction::Instruction, riscv::RV32_CELL_BITS, LocalOpcode};
-use openvm_sha256_air::get_random_message;
-use openvm_sha256_transpiler::Rv32Sha256Opcode::{self, *};
+use openvm_sha2_air::{get_random_message, Sha256Config, Sha384Config, Sha512Config};
+use openvm_sha2_transpiler::Rv32Sha2Opcode::{self, *};
 use openvm_stark_backend::{interaction::BusIndex, p3_field::FieldAlgebra};
 use openvm_stark_sdk::{config::setup_tracing, p3_baby_bear::BabyBear, utils::create_seeded_rng};
 use rand::{rngs::StdRng, Rng};
 
-use super::Sha256VmChip;
-use crate::{sha256_solve, Sha256VmDigestCols, Sha256VmRoundCols};
+use super::{Sha2VmChip, ShaChipConfig};
+use crate::{sha2_solve, Sha2VmDigestColsRef, Sha2VmRoundColsRef};
 
 type F = BabyBear;
 const BUS_IDX: BusIndex = 28;
-fn set_and_execute(
+fn set_and_execute<C: ShaChipConfig>(
     tester: &mut VmChipTestBuilder<F>,
-    chip: &mut Sha256VmChip<F>,
+    chip: &mut Sha2VmChip<F, C>,
     rng: &mut StdRng,
-    opcode: Rv32Sha256Opcode,
+    opcode: Rv32Sha2Opcode,
     message: Option<&[u8]>,
     len: Option<usize>,
 ) {
@@ -40,7 +40,7 @@ fn set_and_execute(
             .borrow()
             .mem_config()
             .pointer_max_bits;
-    let dst_ptr = rng.gen_range(0..max_mem_ptr);
+    let dst_ptr = rng.gen_range(0..max_mem_ptr - C::DIGEST_SIZE as u32);
     let dst_ptr = dst_ptr ^ (dst_ptr & 3);
     tester.write(1, rd, dst_ptr.to_le_bytes().map(F::from_canonical_u8));
     let src_ptr = rng.gen_range(0..(max_mem_ptr - len as u32));
@@ -57,11 +57,25 @@ fn set_and_execute(
         &Instruction::from_usize(opcode.global_opcode(), [rd, rs1, rs2, 1, 2]),
     );
 
-    let output = sha256_solve(message);
-    assert_eq!(
-        output.map(F::from_canonical_u8),
-        tester.read::<32>(2, dst_ptr as usize)
-    );
+    let output = sha2_solve::<C>(message);
+    if C::OPCODE_NAME == "SHA256" {
+        assert_eq!(
+            output
+                .into_iter()
+                .map(F::from_canonical_u8)
+                .collect::<Vec<_>>(),
+            tester.read::<{ Sha256Config::DIGEST_SIZE }>(2, dst_ptr as usize)
+        );
+    } else if C::OPCODE_NAME == "SHA512" {
+        // TODO: break into two reads
+        assert_eq!(
+            output
+                .into_iter()
+                .map(F::from_canonical_u8)
+                .collect::<Vec<_>>(),
+            tester.read::<{ Sha512Config::DIGEST_SIZE }>(2, dst_ptr as usize)
+        );
+    }
 }
 
 ///////////////////////////////////////////////////////////////////////////////////////
@@ -70,14 +84,13 @@ fn set_and_execute(
 /// Randomly generate computations and execute, ensuring that the generated trace
 /// passes all constraints.
 ///////////////////////////////////////////////////////////////////////////////////////
-#[test]
-fn rand_sha256_test() {
+fn rand_sha_test<C: ShaChipConfig + 'static>(opcode: Rv32Sha2Opcode) {
     setup_tracing();
     let mut rng = create_seeded_rng();
     let mut tester = VmChipTestBuilder::default();
     let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
     let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
-    let mut chip = Sha256VmChip::new(
+    let mut chip = Sha2VmChip::<F, C>::new(
         SystemPort {
             execution_bus: tester.execution_bus(),
             program_bus: tester.program_bus(),
@@ -86,31 +99,44 @@ fn rand_sha256_test() {
         tester.address_bits(),
         bitwise_chip.clone(),
         BUS_IDX,
-        Rv32Sha256Opcode::CLASS_OFFSET,
         tester.offline_memory_mutex_arc(),
     );
 
     let num_tests: usize = 3;
     for _ in 0..num_tests {
-        set_and_execute(&mut tester, &mut chip, &mut rng, SHA256, None, None);
+        set_and_execute::<C>(&mut tester, &mut chip, &mut rng, opcode, None, None);
     }
 
     let tester = tester.build().load(chip).load(bitwise_chip).finalize();
     tester.simple_test().expect("Verification failed");
 }
 
+#[test]
+fn rand_sha256_test() {
+    rand_sha_test::<Sha256Config>(SHA256);
+}
+
+#[test]
+fn rand_sha512_test() {
+    rand_sha_test::<Sha512Config>(SHA512);
+}
+
+#[test]
+fn rand_sha384_test() {
+    rand_sha_test::<Sha384Config>(SHA384);
+}
+
 ///////////////////////////////////////////////////////////////////////////////////////
 /// SANITY TESTS
 ///
 /// Ensure that solve functions produce the correct results.
 ///////////////////////////////////////////////////////////////////////////////////////
-#[test]
-fn execute_roundtrip_sanity_test() {
+fn execute_roundtrip_sanity_test<C: ShaChipConfig>(opcode: Rv32Sha2Opcode) {
     let mut rng = create_seeded_rng();
     let mut tester = VmChipTestBuilder::default();
     let bitwise_bus = BitwiseOperationLookupBus::new(BITWISE_OP_LOOKUP_BUS);
     let bitwise_chip = SharedBitwiseOperationLookupChip::<RV32_CELL_BITS>::new(bitwise_bus);
-    let mut chip = Sha256VmChip::new(
+    let mut chip = Sha2VmChip::<F, C>::new(
         SystemPort {
             execution_bus: tester.execution_bus(),
             program_bus: tester.program_bus(),
@@ -119,31 +145,72 @@ fn execute_roundtrip_sanity_test() {
         tester.address_bits(),
         bitwise_chip.clone(),
         BUS_IDX,
-        Rv32Sha256Opcode::CLASS_OFFSET,
         tester.offline_memory_mutex_arc(),
     );
 
     println!(
-        "Sha256VmDigestCols::width(): {}",
-        Sha256VmDigestCols::<F>::width()
+        "Sha2VmDigestColsRef::<F>::width::<C>(): {}",
+        Sha2VmDigestColsRef::<F>::width::<C>()
     );
     println!(
-        "Sha256VmRoundCols::width(): {}",
-        Sha256VmRoundCols::<F>::width()
+        "Sha2VmRoundColsRef::<F>::width::<C>(): {}",
+        Sha2VmRoundColsRef::<F>::width::<C>()
     );
+
     let num_tests: usize = 1;
     for _ in 0..num_tests {
-        set_and_execute(&mut tester, &mut chip, &mut rng, SHA256, None, None);
+        set_and_execute::<C>(&mut tester, &mut chip, &mut rng, opcode, None, None);
     }
 }
 
+#[test]
+fn sha256_roundtrip_sanity_test() {
+    execute_roundtrip_sanity_test::<Sha256Config>(SHA256);
+}
+
+#[test]
+fn sha512_roundtrip_sanity_test() {
+    execute_roundtrip_sanity_test::<Sha512Config>(SHA512);
+}
+
+#[test]
+fn sha384_roundtrip_sanity_test() {
+    execute_roundtrip_sanity_test::<Sha384Config>(SHA384);
+}
+
 #[test]
 fn sha256_solve_sanity_check() {
     let input = b"Axiom is the best! Axiom is the best! Axiom is the best! Axiom is the best!";
-    let output = sha256_solve(input);
+    let output = sha2_solve::<Sha256Config>(input);
     let expected: [u8; 32] = [
         99, 196, 61, 185, 226, 212, 131, 80, 154, 248, 97, 108, 157, 55, 200, 226, 160, 73, 207,
         46, 245, 169, 94, 255, 42, 136, 193, 15, 40, 133, 173, 22,
     ];
     assert_eq!(output, expected);
 }
+
+#[test]
+fn sha512_solve_sanity_check() {
+    let input = b"Axiom is the best! Axiom is the best! Axiom is the best! Axiom is the best!";
+    let output = sha2_solve::<Sha512Config>(input);
+    // verified manually against the sha512 command line tool
+    let expected: [u8; 64] = [
+        0, 8, 195, 142, 70, 71, 97, 208, 132, 132, 243, 53, 179, 186, 8, 162, 71, 75, 126, 21, 130,
+        203, 245, 126, 207, 65, 119, 60, 64, 79, 200, 2, 194, 17, 189, 137, 164, 213, 107, 197,
+        152, 11, 242, 165, 146, 80, 96, 105, 249, 27, 139, 14, 244, 21, 118, 31, 94, 87, 32, 145,
+        149, 98, 235, 75,
+    ];
+    assert_eq!(output, expected);
+}
+
+#[test]
+fn sha384_solve_sanity_check() {
+    let input = b"Axiom is the best! Axiom is the best! Axiom is the best! Axiom is the best!";
+    let output = sha2_solve::<Sha384Config>(input);
+    let expected: [u8; 48] = [
+        134, 227, 167, 229, 35, 110, 115, 174, 10, 27, 197, 116, 56, 144, 150, 36, 152, 190, 212,
+        120, 26, 243, 125, 4, 2, 60, 164, 195, 218, 219, 255, 143, 240, 75, 158, 126, 102, 105, 8,
+        202, 142, 240, 230, 161, 162, 152, 111, 71,
+    ];
+    assert_eq!(output, expected);
+}
diff --git a/extensions/sha2/circuit/src/sha2_chip/trace.rs b/extensions/sha2/circuit/src/sha2_chip/trace.rs
new file mode 100644
index 0000000000..f9364472d5
--- /dev/null
+++ b/extensions/sha2/circuit/src/sha2_chip/trace.rs
@@ -0,0 +1,464 @@
+use std::{borrow::BorrowMut, sync::Arc};
+
+use openvm_circuit::system::memory::offline_checker::MemoryWriteAuxCols;
+use openvm_circuit_primitives::utils::next_power_of_two_or_zero;
+use openvm_instructions::riscv::{RV32_CELL_BITS, RV32_REGISTER_NUM_LIMBS};
+use openvm_rv32im_circuit::adapters::compose;
+use openvm_sha2_air::{get_flag_pt_array, limbs_into_word, Sha256Config, Sha2Air, Sha512Config};
+use openvm_stark_backend::{
+    config::{StarkGenericConfig, Val},
+    p3_air::BaseAir,
+    p3_field::{FieldAlgebra, PrimeField32},
+    p3_matrix::dense::RowMajorMatrix,
+    p3_maybe_rayon::prelude::*,
+    prover::types::AirProofInput,
+    rap::get_air_name,
+    AirRef, Chip, ChipUsageGetter,
+};
+
+use super::{
+    Sha2Variant, Sha2VmChip, Sha2VmDigestColsRefMut, Sha2VmRoundColsRefMut, ShaChipConfig,
+};
+use crate::sha2_chip::PaddingFlags;
+
+impl<SC: StarkGenericConfig, C: ShaChipConfig + 'static> Chip<SC> for Sha2VmChip<Val<SC>, C>
+where
+    Val<SC>: PrimeField32,
+{
+    fn air(&self) -> AirRef<SC> {
+        Arc::new(self.air.clone())
+    }
+
+    fn generate_air_proof_input(self) -> AirProofInput<SC> {
+        let non_padded_height = self.current_trace_height();
+        let height = next_power_of_two_or_zero(non_padded_height);
+        let width = self.trace_width();
+        let mut values = Val::<SC>::zero_vec(height * width);
+        if height == 0 {
+            return AirProofInput::simple_no_pis(RowMajorMatrix::new(values, width));
+        }
+        let records = self.records;
+        let offline_memory = self.offline_memory.lock().unwrap();
+        let memory_aux_cols_factory = offline_memory.aux_cols_factory();
+
+        let mem_ptr_shift: u32 =
+            1 << (RV32_REGISTER_NUM_LIMBS * RV32_CELL_BITS - self.air.ptr_max_bits);
+
+        let mut states = Vec::with_capacity(height.div_ceil(C::ROWS_PER_BLOCK));
+        let mut global_block_idx = 0;
+        for (record_idx, record) in records.iter().enumerate() {
+            let dst_read = offline_memory.record_by_id(record.dst_read);
+            let src_read = offline_memory.record_by_id(record.src_read);
+            let len_read = offline_memory.record_by_id(record.len_read);
+
+            self.bitwise_lookup_chip.request_range(
+                dst_read
+                    .data_at(RV32_REGISTER_NUM_LIMBS - 1)
+                    .as_canonical_u32()
+                    * mem_ptr_shift,
+                src_read
+                    .data_at(RV32_REGISTER_NUM_LIMBS - 1)
+                    .as_canonical_u32()
+                    * mem_ptr_shift,
+            );
+            let len = compose(len_read.data_slice().try_into().unwrap());
+            let mut state = &None;
+            for (i, input_message) in record.input_message.iter().enumerate() {
+                let input_message = input_message.iter().flatten().copied().collect::<Vec<_>>();
+                states.push(Some(Self::generate_state(
+                    state,
+                    input_message,
+                    record_idx,
+                    len,
+                    i == record.input_records.len() - 1,
+                )));
+                state = &states[global_block_idx];
+                global_block_idx += 1;
+            }
+        }
+        states.extend(
+            std::iter::repeat(None).take((height - non_padded_height).div_ceil(C::ROWS_PER_BLOCK)),
+        );
+
+        // During the first pass we will fill out most of the matrix
+        // But there are some cells that can't be generated by the first pass so we will do a second pass over the matrix
+        values
+            .par_chunks_mut(width * C::ROWS_PER_BLOCK)
+            .zip(states.into_par_iter().enumerate())
+            .for_each(|(block, (global_block_idx, state))| {
+                // Fill in a valid block
+                if let Some(state) = state {
+                    let mut has_padding_occurred =
+                        state.local_block_idx * C::BLOCK_CELLS > state.message_len as usize;
+                    let message_left = if has_padding_occurred {
+                        0
+                    } else {
+                        state.message_len as usize - state.local_block_idx * C::BLOCK_CELLS
+                    };
+                    let is_last_block = state.is_last_block;
+                    let buffer: Vec<Vec<Val<SC>>> = (0..C::MESSAGE_ROWS)
+                        .map(|j| {
+                            (0..C::CELLS_PER_ROW)
+                                .map(|k| {
+                                    Val::<SC>::from_canonical_u8(
+                                        state.block_input_message[j * C::CELLS_PER_ROW + k],
+                                    )
+                                })
+                                .collect::<Vec<_>>()
+                        })
+                        .collect::<Vec<_>>();
+
+                    let padded_message: Vec<C::Word> = (0..C::BLOCK_WORDS)
+                        .map(|j| {
+                            limbs_into_word::<C>(
+                                &(0..C::WORD_U8S)
+                                    .map(|k| {
+                                        state.block_padded_message[(j + 1) * C::WORD_U8S - k - 1]
+                                            as u32
+                                    })
+                                    .collect::<Vec<_>>(),
+                            )
+                        })
+                        .collect::<Vec<_>>();
+
+                    self.air.sha_subair.generate_block_trace::<Val<SC>>(
+                        block,
+                        width,
+                        C::VM_CONTROL_WIDTH,
+                        &padded_message,
+                        self.bitwise_lookup_chip.clone(),
+                        &state.hash,
+                        is_last_block,
+                        global_block_idx as u32 + 1,
+                        state.local_block_idx as u32,
+                        buffer,
+                    );
+
+                    let block_reads = records[state.message_idx].input_records
+                        [state.local_block_idx]
+                        .iter()
+                        .map(|record_id| offline_memory.record_by_id(*record_id))
+                        .collect::<Vec<_>>();
+
+                    let mut read_ptr = block_reads[0].pointer;
+                    let mut cur_timestamp = Val::<SC>::from_canonical_u32(block_reads[0].timestamp);
+
+                    let read_size = Val::<SC>::from_canonical_usize(C::READ_SIZE);
+                    for row in 0..C::ROWS_PER_BLOCK {
+                        let row_slice = &mut block[row * width..(row + 1) * width];
+                        if row < C::ROUND_ROWS {
+                            let mut cols = Sha2VmRoundColsRefMut::from::<C>(
+                                row_slice[..C::VM_ROUND_WIDTH].borrow_mut(),
+                            );
+                            *cols.control.len = Val::<SC>::from_canonical_u32(state.message_len);
+                            *cols.control.read_ptr = read_ptr;
+                            *cols.control.cur_timestamp = cur_timestamp;
+                            if row < C::MESSAGE_ROWS {
+                                read_ptr += read_size;
+                                cur_timestamp += Val::<SC>::ONE;
+                                memory_aux_cols_factory
+                                    .generate_read_aux(block_reads[row], cols.read_aux);
+
+                                if (row + 1) * C::READ_SIZE <= message_left {
+                                    cols.control
+                                        .pad_flags
+                                        .iter_mut()
+                                        .zip(
+                                            get_flag_pt_array(
+                                                &self.air.padding_encoder,
+                                                PaddingFlags::NotPadding as usize,
+                                            )
+                                            .into_iter()
+                                            .map(Val::<SC>::from_canonical_u32),
+                                        )
+                                        .for_each(|(x, y)| *x = y);
+                                } else if !has_padding_occurred {
+                                    has_padding_occurred = true;
+                                    let len = message_left - row * C::READ_SIZE;
+                                    cols.control
+                                        .pad_flags
+                                        .iter_mut()
+                                        .zip(
+                                            get_flag_pt_array(
+                                                &self.air.padding_encoder,
+                                                if row == 3 && is_last_block {
+                                                    PaddingFlags::FirstPadding0_LastRow
+                                                } else {
+                                                    PaddingFlags::FirstPadding0
+                                                }
+                                                    as usize
+                                                    + len,
+                                            )
+                                            .into_iter()
+                                            .map(Val::<SC>::from_canonical_u32),
+                                        )
+                                        .for_each(|(x, y)| *x = y);
+                                } else {
+                                    cols.control
+                                        .pad_flags
+                                        .iter_mut()
+                                        .zip(
+                                            get_flag_pt_array(
+                                                &self.air.padding_encoder,
+                                                if row == 3 && is_last_block {
+                                                    PaddingFlags::EntirePaddingLastRow
+                                                } else {
+                                                    PaddingFlags::EntirePadding
+                                                }
+                                                    as usize,
+                                            )
+                                            .into_iter()
+                                            .map(Val::<SC>::from_canonical_u32),
+                                        )
+                                        .for_each(|(x, y)| *x = y);
+                                }
+                            } else {
+                                cols.control
+                                    .pad_flags
+                                    .iter_mut()
+                                    .zip(
+                                        get_flag_pt_array(
+                                            &self.air.padding_encoder,
+                                            PaddingFlags::NotConsidered as usize,
+                                        )
+                                        .into_iter()
+                                        .map(Val::<SC>::from_canonical_u32),
+                                    )
+                                    .for_each(|(x, y)| *x = y);
+                            }
+                            *cols.control.padding_occurred =
+                                Val::<SC>::from_bool(has_padding_occurred);
+                        } else {
+                            if is_last_block {
+                                has_padding_occurred = false;
+                            }
+                            let mut cols = Sha2VmDigestColsRefMut::from::<C>(
+                                row_slice[..C::VM_DIGEST_WIDTH].borrow_mut(),
+                            );
+                            *cols.control.len = Val::<SC>::from_canonical_u32(state.message_len);
+                            *cols.control.read_ptr = read_ptr;
+                            *cols.control.cur_timestamp = cur_timestamp;
+                            cols.control
+                                .pad_flags
+                                .iter_mut()
+                                .zip(
+                                    get_flag_pt_array(
+                                        &self.air.padding_encoder,
+                                        PaddingFlags::NotConsidered as usize,
+                                    )
+                                    .into_iter()
+                                    .map(Val::<SC>::from_canonical_u32),
+                                )
+                                .for_each(|(x, y)| *x = y);
+                            if is_last_block {
+                                let record = &records[state.message_idx];
+                                let dst_read = offline_memory.record_by_id(record.dst_read);
+                                let src_read = offline_memory.record_by_id(record.src_read);
+                                let len_read = offline_memory.record_by_id(record.len_read);
+                                let digest_writes: Vec<_> = record
+                                    .digest_writes
+                                    .iter()
+                                    .map(|id| offline_memory.record_by_id(*id))
+                                    .collect();
+                                *cols.from_state = record.from_state;
+                                *cols.rd_ptr = dst_read.pointer;
+                                *cols.rs1_ptr = src_read.pointer;
+                                *cols.rs2_ptr = len_read.pointer;
+                                cols.dst_ptr
+                                    .iter_mut()
+                                    .zip(dst_read.data_slice())
+                                    .for_each(|(x, y)| *x = *y);
+                                cols.src_ptr
+                                    .iter_mut()
+                                    .zip(src_read.data_slice())
+                                    .for_each(|(x, y)| *x = *y);
+                                cols.len_data
+                                    .iter_mut()
+                                    .zip(len_read.data_slice())
+                                    .for_each(|(x, y)| *x = *y);
+                                memory_aux_cols_factory.generate_read_aux(
+                                    dst_read,
+                                    cols.register_reads_aux.get_mut(0).unwrap(),
+                                );
+                                memory_aux_cols_factory
+                                    .generate_read_aux(src_read, &mut cols.register_reads_aux[1]);
+                                memory_aux_cols_factory
+                                    .generate_read_aux(len_read, &mut cols.register_reads_aux[2]);
+
+                                match C::VARIANT {
+                                    Sha2Variant::Sha256 => {
+                                        debug_assert_eq!(C::NUM_WRITES, 1);
+                                        debug_assert_eq!(digest_writes.len(), 1);
+                                        debug_assert_eq!(cols.writes_aux_base.len(), 1);
+                                        debug_assert_eq!(cols.writes_aux_prev_data.nrows(), 1);
+                                        let digest_write = digest_writes[0];
+                                        // write to a temporary MemoryWriteAuxCols object and then copy it over to the columns struct.
+                                        let mut writes_aux: MemoryWriteAuxCols<
+                                            Val<SC>,
+                                            { Sha256Config::DIGEST_SIZE },
+                                        > = MemoryWriteAuxCols::from_base(
+                                            cols.writes_aux_base[0],
+                                            cols.writes_aux_prev_data
+                                                .row(0)
+                                                .to_vec()
+                                                .try_into()
+                                                .unwrap(),
+                                        );
+                                        memory_aux_cols_factory
+                                            .generate_write_aux(digest_write, &mut writes_aux);
+                                        cols.writes_aux_base[0] = writes_aux.get_base();
+                                        cols.writes_aux_prev_data
+                                            .row_mut(0)
+                                            .iter_mut()
+                                            .zip(writes_aux.prev_data())
+                                            .for_each(|(x, y)| *x = *y);
+                                    }
+                                    Sha2Variant::Sha512 | Sha2Variant::Sha384 => {
+                                        debug_assert_eq!(C::NUM_WRITES, 2);
+                                        debug_assert_eq!(digest_writes.len(), 2);
+                                        debug_assert_eq!(cols.writes_aux_base.len(), 2);
+                                        debug_assert_eq!(cols.writes_aux_prev_data.nrows(), 2);
+                                        for (i, digest_write) in digest_writes.iter().enumerate() {
+                                            let prev_data =
+                                                cols.writes_aux_prev_data.row(i).to_vec();
+                                            // write to a temporary MemoryWriteAuxCols object and then copy it over to the columns struct
+                                            let mut writes_aux: MemoryWriteAuxCols<
+                                                Val<SC>,
+                                                { Sha512Config::WRITE_SIZE },
+                                            > = MemoryWriteAuxCols::from_base(
+                                                cols.writes_aux_base[i],
+                                                prev_data.try_into().unwrap(),
+                                            );
+                                            memory_aux_cols_factory
+                                                .generate_write_aux(digest_write, &mut writes_aux);
+                                            cols.writes_aux_base[i] = writes_aux.get_base();
+                                            cols.writes_aux_prev_data
+                                                .row_mut(i)
+                                                .iter_mut()
+                                                .zip(writes_aux.prev_data())
+                                                .for_each(|(x, y)| *x = *y);
+                                        }
+                                    }
+                                }
+                            }
+                            *cols.control.padding_occurred =
+                                Val::<SC>::from_bool(has_padding_occurred);
+                        }
+                    }
+                }
+                // Fill in the invalid rows
+                else {
+                    block.par_chunks_mut(width).for_each(|row| {
+                        let cols = Sha2VmRoundColsRefMut::from::<C>(row.borrow_mut());
+                        self.air.sha_subair.generate_default_row(cols.inner);
+                    })
+                }
+            });
+
+        // Do a second pass over the trace to fill in the missing values
+        // Note, we need to skip the very first row
+        values[width..]
+            .par_chunks_mut(width * C::ROWS_PER_BLOCK)
+            .take(non_padded_height / C::ROWS_PER_BLOCK)
+            .for_each(|chunk| {
+                self.air
+                    .sha_subair
+                    .generate_missing_cells(chunk, width, C::VM_CONTROL_WIDTH);
+            });
+
+        AirProofInput::simple_no_pis(RowMajorMatrix::new(values, width))
+    }
+}
+
+impl<F: PrimeField32, C: ShaChipConfig> ChipUsageGetter for Sha2VmChip<F, C> {
+    fn air_name(&self) -> String {
+        get_air_name(&self.air)
+    }
+    fn current_trace_height(&self) -> usize {
+        self.records.iter().fold(0, |acc, record| {
+            acc + record.input_records.len() * C::ROWS_PER_BLOCK
+        })
+    }
+
+    fn trace_width(&self) -> usize {
+        BaseAir::<F>::width(&self.air)
+    }
+}
+
+/// This is the state information that a block will use to generate its trace
+#[derive(Debug, Clone)]
+struct Sha2State<C: ShaChipConfig> {
+    hash: Vec<C::Word>, // length should be C::HASH_WORDS
+    local_block_idx: usize,
+    message_len: u32,
+    block_input_message: Vec<u8>,  // length should be C::BLOCK_CELLS
+    block_padded_message: Vec<u8>, // length should be C::BLOCK_CELLS
+    message_idx: usize,
+    is_last_block: bool,
+}
+
+impl<F: PrimeField32, C: ShaChipConfig> Sha2VmChip<F, C> {
+    fn generate_state(
+        prev_state: &Option<Sha2State<C>>,
+        block_input_message: Vec<u8>, // length should be C::BLOCK_CELLS
+        message_idx: usize,
+        message_len: u32,
+        is_last_block: bool,
+    ) -> Sha2State<C> {
+        debug_assert_eq!(block_input_message.len(), C::BLOCK_CELLS);
+        let local_block_idx = if let Some(prev_state) = prev_state {
+            prev_state.local_block_idx + 1
+        } else {
+            0
+        };
+        let has_padding_occurred = local_block_idx * C::BLOCK_CELLS > message_len as usize;
+        let message_left = if has_padding_occurred {
+            0
+        } else {
+            message_len as usize - local_block_idx * C::BLOCK_CELLS
+        };
+
+        let padded_message_bytes: Vec<u8> = (0..C::BLOCK_CELLS)
+            .map(|j| {
+                if j < message_left {
+                    block_input_message[j]
+                } else if j == message_left && !has_padding_occurred {
+                    1 << (RV32_CELL_BITS - 1)
+                } else if !is_last_block || j < C::BLOCK_CELLS - 4 {
+                    0u8
+                } else {
+                    let shift_amount = (C::BLOCK_CELLS - j - 1) * RV32_CELL_BITS;
+                    ((message_len * RV32_CELL_BITS as u32)
+                        .checked_shr(shift_amount as u32)
+                        .unwrap_or(0)
+                        & ((1 << RV32_CELL_BITS) - 1)) as u8
+                }
+            })
+            .collect();
+
+        if let Some(prev_state) = prev_state {
+            Sha2State {
+                hash: Sha2Air::<C>::get_block_hash(
+                    &prev_state.hash,
+                    prev_state.block_padded_message.clone(),
+                ),
+                local_block_idx,
+                message_len,
+                block_input_message,
+                block_padded_message: padded_message_bytes,
+                message_idx,
+                is_last_block,
+            }
+        } else {
+            Sha2State {
+                hash: C::get_h().to_vec(),
+                local_block_idx: 0,
+                message_len,
+                block_input_message,
+                block_padded_message: padded_message_bytes,
+                message_idx,
+                is_last_block,
+            }
+        }
+    }
+}
diff --git a/extensions/sha256/guest/Cargo.toml b/extensions/sha2/guest/Cargo.toml
similarity index 79%
rename from extensions/sha256/guest/Cargo.toml
rename to extensions/sha2/guest/Cargo.toml
index ee39453272..8dd496539f 100644
--- a/extensions/sha256/guest/Cargo.toml
+++ b/extensions/sha2/guest/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
-name = "openvm-sha256-guest"
+name = "openvm-sha2-guest"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true
-description = "Guest extension for Sha256"
+description = "Guest extension for SHA-2"
 
 [dependencies]
 openvm-platform = { workspace = true }
diff --git a/extensions/sha2/guest/src/lib.rs b/extensions/sha2/guest/src/lib.rs
new file mode 100644
index 0000000000..6e88ad9b24
--- /dev/null
+++ b/extensions/sha2/guest/src/lib.rs
@@ -0,0 +1,134 @@
+#![no_std]
+
+/// This is custom-0 defined in RISC-V spec document
+pub const OPCODE: u8 = 0x0b;
+pub const SHA2_FUNCT3: u8 = 0b100;
+
+#[derive(Debug, Copy, Clone, PartialEq, Eq)]
+#[repr(u8)]
+pub enum Sha2BaseFunct7 {
+    Sha256 = 0x1,
+    Sha512 = 0x2,
+    Sha384 = 0x3,
+}
+
+/// The sha256 cryptographic hash function.
+#[inline(always)]
+pub fn sha256(input: &[u8]) -> [u8; 32] {
+    let mut output = [0u8; 32];
+    set_sha256(input, &mut output);
+    output
+}
+
+/// The sha512 cryptographic hash function.
+#[inline(always)]
+pub fn sha512(input: &[u8]) -> [u8; 64] {
+    let mut output = [0u8; 64];
+    set_sha512(input, &mut output);
+    output
+}
+
+/// The sha384 cryptographic hash function.
+#[inline(always)]
+pub fn sha384(input: &[u8]) -> [u8; 48] {
+    let mut output = [0u8; 64];
+    set_sha384(input, &mut output);
+    output[..48].try_into().unwrap()
+}
+
+/// zkvm native implementation of sha256
+/// # Safety
+///
+/// The VM accepts the preimage by pointer and length, and writes the
+/// 32-byte hash.
+/// - `bytes` must point to an input buffer at least `len` long.
+/// - `output` must point to a buffer that is at least 32-bytes long.
+///
+/// [`sha2-256`]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+#[cfg(target_os = "zkvm")]
+#[inline(always)]
+#[no_mangle]
+extern "C" fn zkvm_sha256_impl(bytes: *const u8, len: usize, output: *mut u8) {
+    openvm_platform::custom_insn_r!(opcode = OPCODE, funct3 = SHA2_FUNCT3, funct7 = Sha2BaseFunct7::Sha256 as u8, rd = In output, rs1 = In bytes, rs2 = In len);
+}
+
+/// zkvm native implementation of sha512
+/// # Safety
+///
+/// The VM accepts the preimage by pointer and length, and writes the
+/// 64-byte hash.
+/// - `bytes` must point to an input buffer at least `len` long.
+/// - `output` must point to a buffer that is at least 64-bytes long.
+///
+/// [`sha2-512`]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+#[cfg(target_os = "zkvm")]
+#[inline(always)]
+#[no_mangle]
+extern "C" fn zkvm_sha512_impl(bytes: *const u8, len: usize, output: *mut u8) {
+    openvm_platform::custom_insn_r!(opcode = OPCODE, funct3 = SHA2_FUNCT3, funct7 = Sha2BaseFunct7::Sha512 as u8, rd = In output, rs1 = In bytes, rs2 = In len);
+}
+
+/// zkvm native implementation of sha384
+/// # Safety
+///
+/// The VM accepts the preimage by pointer and length, and writes the
+/// 48-byte hash.
+/// - `bytes` must point to an input buffer at least `len` long.
+/// - `output` must point to a buffer that is at least 64-bytes long.
+///   The first 48 bytes written will be the SHA-384 digest.
+///   The last 16 bytes are zeros.
+///
+/// [`sha2-384`]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+#[cfg(target_os = "zkvm")]
+#[inline(always)]
+#[no_mangle]
+extern "C" fn zkvm_sha384_impl(bytes: *const u8, len: usize, output: *mut u8) {
+    openvm_platform::custom_insn_r!(opcode = OPCODE, funct3 = SHA2_FUNCT3, funct7 = Sha2BaseFunct7::Sha384 as u8, rd = In output, rs1 = In bytes, rs2 = In len);
+}
+
+/// Sets `output` to the sha256 hash of `input`.
+pub fn set_sha256(input: &[u8], output: &mut [u8; 32]) {
+    #[cfg(not(target_os = "zkvm"))]
+    {
+        use sha2::{Digest, Sha256};
+        let mut hasher = Sha256::new();
+        hasher.update(input);
+        output.copy_from_slice(hasher.finalize().as_ref());
+    }
+    #[cfg(target_os = "zkvm")]
+    {
+        zkvm_sha256_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
+    }
+}
+
+/// Sets `output` to the sha512 hash of `input`.
+pub fn set_sha512(input: &[u8], output: &mut [u8; 64]) {
+    #[cfg(not(target_os = "zkvm"))]
+    {
+        use sha2::{Digest, Sha512};
+        let mut hasher = Sha512::new();
+        hasher.update(input);
+        output.copy_from_slice(hasher.finalize().as_ref());
+    }
+    #[cfg(target_os = "zkvm")]
+    {
+        zkvm_sha512_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
+    }
+}
+
+/// Sets the first 48 bytes of `output` to the sha384 hash of `input`.
+/// Sets the last 16 bytes to zeros.
+pub fn set_sha384(input: &[u8], output: &mut [u8; 64]) {
+    #[cfg(not(target_os = "zkvm"))]
+    {
+        use sha2::{Digest, Sha384};
+        let mut hasher = Sha384::new();
+        hasher.update(input);
+        output[..48].copy_from_slice(hasher.finalize().as_ref());
+        output[48..].fill(0);
+    }
+    #[cfg(target_os = "zkvm")]
+    {
+        zkvm_sha384_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
+    }
+}
diff --git a/extensions/sha256/tests/Cargo.toml b/extensions/sha2/tests/Cargo.toml
similarity index 74%
rename from extensions/sha256/tests/Cargo.toml
rename to extensions/sha2/tests/Cargo.toml
index 52fb11f9ea..29e68f18b2 100644
--- a/extensions/sha256/tests/Cargo.toml
+++ b/extensions/sha2/tests/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
-name = "openvm-sha256-integration-tests"
-description = "Integration tests for the OpenVM sha256 extension"
+name = "openvm-sha2-integration-tests"
+description = "Integration tests for the OpenVM SHA-2 extension"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true
@@ -12,8 +12,8 @@ openvm-instructions = { workspace = true }
 openvm-stark-sdk.workspace = true
 openvm-circuit = { workspace = true, features = ["test-utils"] }
 openvm-transpiler.workspace = true
-openvm-sha256-transpiler.workspace = true
-openvm-sha256-circuit.workspace = true
+openvm-sha2-transpiler.workspace = true
+openvm-sha2-circuit.workspace = true
 openvm-rv32im-transpiler.workspace = true
 openvm-toolchain-tests = { path = "../../../crates/toolchain/tests" }
 eyre.workspace = true
diff --git a/extensions/sha256/tests/programs/Cargo.toml b/extensions/sha2/tests/programs/Cargo.toml
similarity index 87%
rename from extensions/sha256/tests/programs/Cargo.toml
rename to extensions/sha2/tests/programs/Cargo.toml
index dad3842cea..c02a00bf82 100644
--- a/extensions/sha256/tests/programs/Cargo.toml
+++ b/extensions/sha2/tests/programs/Cargo.toml
@@ -1,13 +1,13 @@
 [workspace]
 [package]
-name = "openvm-keccak256-test-programs"
+name = "openvm-sha2-test-programs"
 version = "0.0.0"
 edition = "2021"
 
 [dependencies]
 openvm = { path = "../../../../crates/toolchain/openvm" }
 openvm-platform = { path = "../../../../crates/toolchain/platform" }
-openvm-sha256-guest = { path = "../../guest" }
+openvm-sha2-guest = { path = "../../guest" }
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
 serde = { version = "1.0", default-features = false, features = [
     "alloc",
diff --git a/extensions/sha2/tests/programs/examples/sha.rs b/extensions/sha2/tests/programs/examples/sha.rs
new file mode 100644
index 0000000000..282d0bfa7b
--- /dev/null
+++ b/extensions/sha2/tests/programs/examples/sha.rs
@@ -0,0 +1,85 @@
+#![cfg_attr(not(feature = "std"), no_main)]
+#![cfg_attr(not(feature = "std"), no_std)]
+
+extern crate alloc;
+
+use alloc::vec::Vec;
+use core::hint::black_box;
+
+use hex::FromHex;
+use openvm_sha2_guest::{sha256, sha384, sha512};
+
+openvm::entry!(main);
+
+struct ShaTestVector {
+    input: &'static str,
+    expected_output_sha256: &'static str,
+    expected_output_sha512: &'static str,
+    expected_output_sha384: &'static str,
+}
+
+pub fn main() {
+    let test_vectors = [
+        ShaTestVector {
+            input: "",
+            expected_output_sha256: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+            expected_output_sha512: "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+            expected_output_sha384: "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
+        },
+        ShaTestVector {
+            input: "98c1c0bdb7d5fea9a88859f06c6c439f",
+            expected_output_sha256: "b6b2c9c9b6f30e5c66c977f1bd7ad97071bee739524aecf793384890619f2b05",
+            expected_output_sha512: "eb576959c531f116842c0cc915a29c8f71d7a285c894c349b83469002ef093d51f9f14ce4248488bff143025e47ed27c12badb9cd43779cb147408eea062d583",
+            expected_output_sha384: "63e3061aab01f335ea3a4e617b9d14af9b63a5240229164ee962f6d5335ff25f0f0bf8e46723e83c41b9d17413b6a3c7",
+        },
+        ShaTestVector {
+            input: "5b58f4163e248467cc1cd3eecafe749e8e2baaf82c0f63af06df0526347d7a11327463c115210a46b6740244eddf370be89c",
+            expected_output_sha256: "ac0e25049870b91d78ef6807bb87fce4603c81abd3c097fba2403fd18b6ce0b7",
+            expected_output_sha512: "a20d5fb14814d045a7d2861e80d2b688f1cd1daaba69e6bb1cc5233f514141ea4623b3373af702e78e3ec5dc8c1b716a37a9a2f5fbc9493b9df7043f5e99a8da",
+            expected_output_sha384: "eac4b72b0540486bc088834860873338e31e9e4062532bf509191ef63b9298c67db5654a28fe6f07e4cc6ff466d1be24",
+        },
+        ShaTestVector {
+            input: "9ad198539e3160194f38ac076a782bd5210a007560d1fce9ef78f8a4a5e4d78c6b96c250cff3520009036e9c6087d5dab587394edda862862013de49a12072485a6c01165ec0f28ffddf1873fbd53e47fcd02fb6a5ccc9622d5588a92429c663ce298cb71b50022fc2ec4ba9f5bbd250974e1a607b165fee16e8f3f2be20d7348b91a2f518ce928491900d56d9f86970611580350cee08daea7717fe28a73b8dcfdea22a65ed9f5a09198de38e4e4f2cc05b0ba3dd787a5363ab6c9f39dcb66c1a29209b1d6b1152769395df8150b4316658ea6ab19af94903d643fcb0ae4d598035ebe73c8b1b687df1ab16504f633c929569c6d0e5fae6eea43838fbc8ce2c2b43161d0addc8ccf945a9c4e06294e56a67df0000f561f61b630b1983ba403e775aaeefa8d339f669d1e09ead7eae979383eda983321e1743e5404b4b328da656de79ff52d179833a6bd5129f49432d74d001996c37c68d9ab49fcff8061d193576f396c20e1f0d9ee83a51290ba60efa9c3cb2e15b756321a7ca668cdbf63f95ec33b1c450aa100101be059dc00077245b25a6a66698dee81953ed4a606944076e2858b1420de0095a7f60b08194d6d9a997009d345c71f63a7034b976e409af8a9a040ac7113664609a7adedb76b2fadf04b0348392a1650526eb2a4d6ed5e4bbcda8aabc8488b38f4f5d9a398103536bb8250ed82a9b9825f7703c263f9e",
+            expected_output_sha256: "080ad71239852124fc26758982090611b9b19abf22d22db3a57f67a06e984a23",
+            expected_output_sha512: "8d215ee6dc26757c210db0dd00c1c6ed16cc34dbd4bb0fa10c1edb6b62d5ab16aea88c881001b173d270676daf2d6381b5eab8711fa2f5589c477c1d4b84774f",
+            expected_output_sha384: "904a90010d772a904a35572fdd4bdf1dd253742e47872c8a18e2255f66fa889e44781e65487a043f435daa53c496a53e",
+        }
+    ];
+
+    for (
+        i,
+        ShaTestVector {
+            input,
+            expected_output_sha256,
+            expected_output_sha512,
+            expected_output_sha384,
+        },
+    ) in test_vectors.iter().enumerate()
+    {
+        let input = Vec::from_hex(input).unwrap();
+        let expected_output_sha256 = Vec::from_hex(expected_output_sha256).unwrap();
+        let output = sha256(black_box(&input));
+        if output != *expected_output_sha256 {
+            panic!(
+                "sha256 test {i} failed on input: {:?}.\nexpected: {:?},\ngot: {:?}",
+                input, expected_output_sha256, output
+            );
+        }
+        let expected_output_sha512 = Vec::from_hex(expected_output_sha512).unwrap();
+        let output = sha512(black_box(&input));
+        if output != *expected_output_sha512 {
+            panic!(
+                "sha512 test {i} failed on input: {:?}.\nexpected: {:?},\ngot: {:?}",
+                input, expected_output_sha512, output
+            );
+        }
+        let expected_output_sha384 = Vec::from_hex(expected_output_sha384).unwrap();
+        let output = sha384(black_box(&input));
+        if output != *expected_output_sha384 {
+            panic!(
+                "sha384 test {i} failed on input: {:?}.\nexpected: {:?},\ngot: {:?}",
+                input, expected_output_sha384, output
+            );
+        }
+    }
+}
diff --git a/extensions/sha256/tests/src/lib.rs b/extensions/sha2/tests/src/lib.rs
similarity index 79%
rename from extensions/sha256/tests/src/lib.rs
rename to extensions/sha2/tests/src/lib.rs
index 41ea37e8ae..49361b83a9 100644
--- a/extensions/sha256/tests/src/lib.rs
+++ b/extensions/sha2/tests/src/lib.rs
@@ -6,8 +6,8 @@ mod tests {
     use openvm_rv32im_transpiler::{
         Rv32ITranspilerExtension, Rv32IoTranspilerExtension, Rv32MTranspilerExtension,
     };
-    use openvm_sha256_circuit::Sha256Rv32Config;
-    use openvm_sha256_transpiler::Sha256TranspilerExtension;
+    use openvm_sha2_circuit::Sha2Rv32Config;
+    use openvm_sha2_transpiler::Sha2TranspilerExtension;
     use openvm_stark_sdk::p3_baby_bear::BabyBear;
     use openvm_toolchain_tests::{build_example_program_at_path, get_programs_dir};
     use openvm_transpiler::{transpiler::Transpiler, FromElf};
@@ -23,9 +23,9 @@ mod tests {
                 .with_extension(Rv32ITranspilerExtension)
                 .with_extension(Rv32MTranspilerExtension)
                 .with_extension(Rv32IoTranspilerExtension)
-                .with_extension(Sha256TranspilerExtension),
+                .with_extension(Sha2TranspilerExtension),
         )?;
-        air_test(Sha256Rv32Config::default(), openvm_exe);
+        air_test(Sha2Rv32Config::default(), openvm_exe);
         Ok(())
     }
 }
diff --git a/extensions/sha256/transpiler/Cargo.toml b/extensions/sha2/transpiler/Cargo.toml
similarity index 73%
rename from extensions/sha256/transpiler/Cargo.toml
rename to extensions/sha2/transpiler/Cargo.toml
index 933859f3a8..9eff76a3db 100644
--- a/extensions/sha256/transpiler/Cargo.toml
+++ b/extensions/sha2/transpiler/Cargo.toml
@@ -1,15 +1,15 @@
 [package]
-name = "openvm-sha256-transpiler"
+name = "openvm-sha2-transpiler"
 version.workspace = true
 authors.workspace = true
 edition.workspace = true
-description = "Transpiler extension for sha256"
+description = "Transpiler extension for SHA-2"
 
 [dependencies]
 openvm-stark-backend = { workspace = true }
 openvm-instructions = { workspace = true }
 openvm-transpiler = { workspace = true }
 rrs-lib = { workspace = true }
-openvm-sha256-guest = { workspace = true }
+openvm-sha2-guest = { workspace = true }
 openvm-instructions-derive = { workspace = true }
 strum = { workspace = true }
diff --git a/extensions/sha2/transpiler/src/lib.rs b/extensions/sha2/transpiler/src/lib.rs
new file mode 100644
index 0000000000..89249ee026
--- /dev/null
+++ b/extensions/sha2/transpiler/src/lib.rs
@@ -0,0 +1,65 @@
+use openvm_instructions::{riscv::RV32_MEMORY_AS, LocalOpcode};
+use openvm_instructions_derive::LocalOpcode;
+use openvm_sha2_guest::{Sha2BaseFunct7, OPCODE, SHA2_FUNCT3};
+use openvm_stark_backend::p3_field::PrimeField32;
+use openvm_transpiler::{util::from_r_type, TranspilerExtension, TranspilerOutput};
+use rrs_lib::instruction_formats::RType;
+use strum::{EnumCount, EnumIter, FromRepr};
+
+#[derive(
+    Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, EnumCount, EnumIter, FromRepr, LocalOpcode,
+)]
+#[opcode_offset = 0x320]
+#[repr(usize)]
+pub enum Rv32Sha2Opcode {
+    SHA256,
+    SHA512,
+    SHA384,
+}
+
+#[derive(Default)]
+pub struct Sha2TranspilerExtension;
+
+impl<F: PrimeField32> TranspilerExtension<F> for Sha2TranspilerExtension {
+    fn process_custom(&self, instruction_stream: &[u32]) -> Option<TranspilerOutput<F>> {
+        if instruction_stream.is_empty() {
+            return None;
+        }
+        let instruction_u32 = instruction_stream[0];
+        let opcode = (instruction_u32 & 0x7f) as u8;
+        let funct3 = ((instruction_u32 >> 12) & 0b111) as u8;
+
+        if (opcode, funct3) != (OPCODE, SHA2_FUNCT3) {
+            return None;
+        }
+        let dec_insn = RType::new(instruction_u32);
+
+        if dec_insn.funct7 == Sha2BaseFunct7::Sha256 as u32 {
+            let instruction = from_r_type(
+                Rv32Sha2Opcode::SHA256.global_opcode().as_usize(),
+                RV32_MEMORY_AS as usize,
+                &dec_insn,
+                true,
+            );
+            Some(TranspilerOutput::one_to_one(instruction))
+        } else if dec_insn.funct7 == Sha2BaseFunct7::Sha512 as u32 {
+            let instruction = from_r_type(
+                Rv32Sha2Opcode::SHA512.global_opcode().as_usize(),
+                RV32_MEMORY_AS as usize,
+                &dec_insn,
+                true,
+            );
+            Some(TranspilerOutput::one_to_one(instruction))
+        } else if dec_insn.funct7 == Sha2BaseFunct7::Sha384 as u32 {
+            let instruction = from_r_type(
+                Rv32Sha2Opcode::SHA384.global_opcode().as_usize(),
+                RV32_MEMORY_AS as usize,
+                &dec_insn,
+                true,
+            );
+            Some(TranspilerOutput::one_to_one(instruction))
+        } else {
+            None
+        }
+    }
+}
diff --git a/extensions/sha256/circuit/src/lib.rs b/extensions/sha256/circuit/src/lib.rs
deleted file mode 100644
index fe0844f902..0000000000
--- a/extensions/sha256/circuit/src/lib.rs
+++ /dev/null
@@ -1,5 +0,0 @@
-mod sha256_chip;
-pub use sha256_chip::*;
-
-mod extension;
-pub use extension::*;
diff --git a/extensions/sha256/circuit/src/sha256_chip/air.rs b/extensions/sha256/circuit/src/sha256_chip/air.rs
deleted file mode 100644
index 0487314ea0..0000000000
--- a/extensions/sha256/circuit/src/sha256_chip/air.rs
+++ /dev/null
@@ -1,593 +0,0 @@
-use std::{array, borrow::Borrow, cmp::min};
-
-use openvm_circuit::{
-    arch::ExecutionBridge,
-    system::memory::{offline_checker::MemoryBridge, MemoryAddress},
-};
-use openvm_circuit_primitives::{
-    bitwise_op_lookup::BitwiseOperationLookupBus, encoder::Encoder, utils::not, SubAir,
-};
-use openvm_instructions::{
-    riscv::{RV32_CELL_BITS, RV32_MEMORY_AS, RV32_REGISTER_AS, RV32_REGISTER_NUM_LIMBS},
-    LocalOpcode,
-};
-use openvm_sha256_air::{
-    compose, Sha256Air, SHA256_BLOCK_U8S, SHA256_HASH_WORDS, SHA256_ROUNDS_PER_ROW,
-    SHA256_WORD_U16S, SHA256_WORD_U8S,
-};
-use openvm_sha256_transpiler::Rv32Sha256Opcode;
-use openvm_stark_backend::{
-    interaction::InteractionBuilder,
-    p3_air::{Air, AirBuilder, BaseAir},
-    p3_field::{Field, FieldAlgebra},
-    p3_matrix::Matrix,
-    rap::{BaseAirWithPublicValues, PartitionedBaseAir},
-};
-
-use super::{
-    Sha256VmDigestCols, Sha256VmRoundCols, SHA256VM_CONTROL_WIDTH, SHA256VM_DIGEST_WIDTH,
-    SHA256VM_ROUND_WIDTH, SHA256VM_WIDTH, SHA256_READ_SIZE,
-};
-
-/// Sha256VmAir does all constraints related to message padding and
-/// the Sha256Air subair constrains the actual hash
-#[derive(Clone, Debug, derive_new::new)]
-pub struct Sha256VmAir {
-    pub execution_bridge: ExecutionBridge,
-    pub memory_bridge: MemoryBridge,
-    /// Bus to send byte checks to
-    pub bitwise_lookup_bus: BitwiseOperationLookupBus,
-    /// Maximum number of bits allowed for an address pointer
-    /// Must be at least 24
-    pub ptr_max_bits: usize,
-    pub(super) sha256_subair: Sha256Air,
-    pub(super) padding_encoder: Encoder,
-}
-
-impl<F: Field> BaseAirWithPublicValues<F> for Sha256VmAir {}
-impl<F: Field> PartitionedBaseAir<F> for Sha256VmAir {}
-impl<F: Field> BaseAir<F> for Sha256VmAir {
-    fn width(&self) -> usize {
-        SHA256VM_WIDTH
-    }
-}
-
-impl<AB: InteractionBuilder> Air<AB> for Sha256VmAir {
-    fn eval(&self, builder: &mut AB) {
-        self.eval_padding(builder);
-        self.eval_transitions(builder);
-        self.eval_reads(builder);
-        self.eval_last_row(builder);
-
-        self.sha256_subair.eval(builder, SHA256VM_CONTROL_WIDTH);
-    }
-}
-
-#[allow(dead_code, non_camel_case_types)]
-pub(super) enum PaddingFlags {
-    /// Not considered for padding - W's are not constrained
-    NotConsidered,
-    /// Not padding - W's should be equal to the message
-    NotPadding,
-    /// FIRST_PADDING_i: it is the first row with padding and there are i cells of non-padding
-    FirstPadding0,
-    FirstPadding1,
-    FirstPadding2,
-    FirstPadding3,
-    FirstPadding4,
-    FirstPadding5,
-    FirstPadding6,
-    FirstPadding7,
-    FirstPadding8,
-    FirstPadding9,
-    FirstPadding10,
-    FirstPadding11,
-    FirstPadding12,
-    FirstPadding13,
-    FirstPadding14,
-    FirstPadding15,
-    /// FIRST_PADDING_i_LastRow: it is the first row with padding and there are i cells of non-padding
-    ///                          AND it is the last reading row of the message
-    /// NOTE: if the Last row has padding it has to be at least 9 cells since the last 8 cells are padded with
-    /// the message length
-    FirstPadding0_LastRow,
-    FirstPadding1_LastRow,
-    FirstPadding2_LastRow,
-    FirstPadding3_LastRow,
-    FirstPadding4_LastRow,
-    FirstPadding5_LastRow,
-    FirstPadding6_LastRow,
-    FirstPadding7_LastRow,
-    /// The entire row is padding AND it is not the first row with padding
-    /// AND it is the 4th row of the last block of the message
-    EntirePaddingLastRow,
-    /// The entire row is padding AND it is not the first row with padding
-    EntirePadding,
-}
-
-impl PaddingFlags {
-    /// The number of padding flags (including NotConsidered)
-    pub const COUNT: usize = EntirePadding as usize + 1;
-}
-
-use PaddingFlags::*;
-impl Sha256VmAir {
-    /// Implement all necessary constraints for the padding
-    fn eval_padding<AB: InteractionBuilder>(&self, builder: &mut AB) {
-        let main = builder.main();
-        let (local, next) = (main.row_slice(0), main.row_slice(1));
-        let local_cols: &Sha256VmRoundCols<AB::Var> = local[..SHA256VM_ROUND_WIDTH].borrow();
-        let next_cols: &Sha256VmRoundCols<AB::Var> = next[..SHA256VM_ROUND_WIDTH].borrow();
-
-        // Constrain the sanity of the padding flags
-        self.padding_encoder
-            .eval(builder, &local_cols.control.pad_flags);
-
-        builder.assert_one(self.padding_encoder.contains_flag_range::<AB>(
-            &local_cols.control.pad_flags,
-            NotConsidered as usize..=EntirePadding as usize,
-        ));
-
-        Self::eval_padding_transitions(self, builder, local_cols, next_cols);
-        Self::eval_padding_row(self, builder, local_cols);
-    }
-
-    fn eval_padding_transitions<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256VmRoundCols<AB::Var>,
-        next: &Sha256VmRoundCols<AB::Var>,
-    ) {
-        let next_is_last_row = next.inner.flags.is_digest_row * next.inner.flags.is_last_block;
-
-        // Constrain that `padding_occured` is 1 on a suffix of rows in each message, excluding the last
-        // digest row, and 0 everywhere else. Furthermore, the suffix starts in the first 4 rows of some block.
-
-        builder.assert_bool(local.control.padding_occurred);
-        // Last round row in the last block has padding_occurred = 1
-        // This is the end of the suffix
-        builder
-            .when(next_is_last_row.clone())
-            .assert_one(local.control.padding_occurred);
-
-        // Digest row in the last block has padding_occurred = 0
-        builder
-            .when(next_is_last_row.clone())
-            .assert_zero(next.control.padding_occurred);
-
-        // If padding_occurred = 1 in the current row, then padding_occurred = 1 in the next row,
-        // unless next is the last digest row
-        builder
-            .when(local.control.padding_occurred - next_is_last_row.clone())
-            .assert_one(next.control.padding_occurred);
-
-        // If next row is not first 4 rows of a block, then next.padding_occurred = local.padding_occurred.
-        // So padding_occurred only changes in the first 4 rows of a block.
-        builder
-            .when_transition()
-            .when(not(next.inner.flags.is_first_4_rows) - next_is_last_row)
-            .assert_eq(
-                next.control.padding_occurred,
-                local.control.padding_occurred,
-            );
-
-        // Constrain the that the start of the padding is correct
-        let next_is_first_padding_row =
-            next.control.padding_occurred - local.control.padding_occurred;
-        // Row index if its between 0..4, else 0
-        let next_row_idx = self.sha256_subair.row_idx_encoder.flag_with_val::<AB>(
-            &next.inner.flags.row_idx,
-            &(0..4).map(|x| (x, x)).collect::<Vec<_>>(),
-        );
-        // How many non-padding cells there are in the next row.
-        // Will be 0 on non-padding rows.
-        let next_padding_offset = self.padding_encoder.flag_with_val::<AB>(
-            &next.control.pad_flags,
-            &(0..16)
-                .map(|i| (FirstPadding0 as usize + i, i))
-                .collect::<Vec<_>>(),
-        ) + self.padding_encoder.flag_with_val::<AB>(
-            &next.control.pad_flags,
-            &(0..8)
-                .map(|i| (FirstPadding0_LastRow as usize + i, i))
-                .collect::<Vec<_>>(),
-        );
-
-        // Will be 0 on last digest row since:
-        //   - padding_occurred = 0 is constrained above
-        //   - next_row_idx = 0 since row_idx is not in 0..4
-        //   - and next_padding_offset = 0 since `pad_flags = NotConsidered`
-        let expected_len = next.inner.flags.local_block_idx
-            * next.control.padding_occurred
-            * AB::Expr::from_canonical_usize(SHA256_BLOCK_U8S)
-            + next_row_idx * AB::Expr::from_canonical_usize(SHA256_READ_SIZE)
-            + next_padding_offset;
-
-        // Note: `next_is_first_padding_row` is either -1,0,1
-        // If 1, then this constrains the length of message
-        // If -1, then `next` must be the last digest row and so this constraint will be 0 == 0
-        builder.when(next_is_first_padding_row).assert_eq(
-            expected_len,
-            next.control.len * next.control.padding_occurred,
-        );
-
-        // Constrain the padding flags are of correct type (eg is not padding or first padding)
-        let is_next_first_padding = self.padding_encoder.contains_flag_range::<AB>(
-            &next.control.pad_flags,
-            FirstPadding0 as usize..=FirstPadding7_LastRow as usize,
-        );
-
-        let is_next_last_padding = self.padding_encoder.contains_flag_range::<AB>(
-            &next.control.pad_flags,
-            FirstPadding0_LastRow as usize..=EntirePaddingLastRow as usize,
-        );
-
-        let is_next_entire_padding = self.padding_encoder.contains_flag_range::<AB>(
-            &next.control.pad_flags,
-            EntirePaddingLastRow as usize..=EntirePadding as usize,
-        );
-
-        let is_next_not_considered = self
-            .padding_encoder
-            .contains_flag::<AB>(&next.control.pad_flags, &[NotConsidered as usize]);
-
-        let is_next_not_padding = self
-            .padding_encoder
-            .contains_flag::<AB>(&next.control.pad_flags, &[NotPadding as usize]);
-
-        let is_next_4th_row = self
-            .sha256_subair
-            .row_idx_encoder
-            .contains_flag::<AB>(&next.inner.flags.row_idx, &[3]);
-
-        // `pad_flags` is `NotConsidered` on all rows except the first 4 rows of a block
-        builder.assert_eq(
-            not(next.inner.flags.is_first_4_rows),
-            is_next_not_considered,
-        );
-
-        // `pad_flags` is `EntirePadding` if the previous row is padding
-        builder.when(next.inner.flags.is_first_4_rows).assert_eq(
-            local.control.padding_occurred * next.control.padding_occurred,
-            is_next_entire_padding,
-        );
-
-        // `pad_flags` is `FirstPadding*` if current row is padding and the previous row is not padding
-        builder.when(next.inner.flags.is_first_4_rows).assert_eq(
-            not(local.control.padding_occurred) * next.control.padding_occurred,
-            is_next_first_padding,
-        );
-
-        // `pad_flags` is `NotPadding` if current row is not padding
-        builder
-            .when(next.inner.flags.is_first_4_rows)
-            .assert_eq(not(next.control.padding_occurred), is_next_not_padding);
-
-        // `pad_flags` is `*LastRow` on the row that contsrains the last four words of the message
-        builder
-            .when(next.inner.flags.is_last_block)
-            .assert_eq(is_next_4th_row, is_next_last_padding);
-    }
-
-    fn eval_padding_row<AB: InteractionBuilder>(
-        &self,
-        builder: &mut AB,
-        local: &Sha256VmRoundCols<AB::Var>,
-    ) {
-        let message: [AB::Var; SHA256_READ_SIZE] = array::from_fn(|i| {
-            local.inner.message_schedule.carry_or_buffer[i / (SHA256_WORD_U8S)]
-                [i % (SHA256_WORD_U8S)]
-        });
-
-        let get_ith_byte = |i: usize| {
-            let word_idx = i / SHA256_ROUNDS_PER_ROW;
-            let word = local.inner.message_schedule.w[word_idx].map(|x| x.into());
-            // Need to reverse the byte order to match the endianness of the memory
-            let byte_idx = 4 - i % 4 - 1;
-            compose::<AB::Expr>(&word[byte_idx * 8..(byte_idx + 1) * 8], 1)
-        };
-
-        let is_not_padding = self
-            .padding_encoder
-            .contains_flag::<AB>(&local.control.pad_flags, &[NotPadding as usize]);
-
-        // Check the `w`s on case by case basis
-        for (i, message_byte) in message.iter().enumerate() {
-            let w = get_ith_byte(i);
-            let should_be_message = is_not_padding.clone()
-                + if i < 15 {
-                    self.padding_encoder.contains_flag_range::<AB>(
-                        &local.control.pad_flags,
-                        FirstPadding0 as usize + i + 1..=FirstPadding15 as usize,
-                    )
-                } else {
-                    AB::Expr::ZERO
-                }
-                + if i < 7 {
-                    self.padding_encoder.contains_flag_range::<AB>(
-                        &local.control.pad_flags,
-                        FirstPadding0_LastRow as usize + i + 1..=FirstPadding7_LastRow as usize,
-                    )
-                } else {
-                    AB::Expr::ZERO
-                };
-            builder
-                .when(should_be_message)
-                .assert_eq(w.clone(), *message_byte);
-
-            let should_be_zero = self
-                .padding_encoder
-                .contains_flag::<AB>(&local.control.pad_flags, &[EntirePadding as usize])
-                + if i < 12 {
-                    self.padding_encoder.contains_flag::<AB>(
-                        &local.control.pad_flags,
-                        &[EntirePaddingLastRow as usize],
-                    ) + if i > 0 {
-                        self.padding_encoder.contains_flag_range::<AB>(
-                            &local.control.pad_flags,
-                            FirstPadding0_LastRow as usize
-                                ..=min(
-                                    FirstPadding0_LastRow as usize + i - 1,
-                                    FirstPadding7_LastRow as usize,
-                                ),
-                        )
-                    } else {
-                        AB::Expr::ZERO
-                    }
-                } else {
-                    AB::Expr::ZERO
-                }
-                + if i > 0 {
-                    self.padding_encoder.contains_flag_range::<AB>(
-                        &local.control.pad_flags,
-                        FirstPadding0 as usize..=FirstPadding0 as usize + i - 1,
-                    )
-                } else {
-                    AB::Expr::ZERO
-                };
-            builder.when(should_be_zero).assert_zero(w.clone());
-
-            // Assumes bit-length of message is a multiple of 8 (message is bytes)
-            // This is true because the message is given as &[u8]
-            let should_be_128 = self
-                .padding_encoder
-                .contains_flag::<AB>(&local.control.pad_flags, &[FirstPadding0 as usize + i])
-                + if i < 8 {
-                    self.padding_encoder.contains_flag::<AB>(
-                        &local.control.pad_flags,
-                        &[FirstPadding0_LastRow as usize + i],
-                    )
-                } else {
-                    AB::Expr::ZERO
-                };
-
-            builder
-                .when(should_be_128)
-                .assert_eq(AB::Expr::from_canonical_u32(1 << 7), w);
-
-            // should be len is handled outside of the loop
-        }
-        let appended_len = compose::<AB::Expr>(
-            &[
-                get_ith_byte(15),
-                get_ith_byte(14),
-                get_ith_byte(13),
-                get_ith_byte(12),
-            ],
-            RV32_CELL_BITS,
-        );
-
-        let actual_len = local.control.len;
-
-        let is_last_padding_row = self.padding_encoder.contains_flag_range::<AB>(
-            &local.control.pad_flags,
-            FirstPadding0_LastRow as usize..=EntirePaddingLastRow as usize,
-        );
-
-        builder.when(is_last_padding_row.clone()).assert_eq(
-            appended_len * AB::F::from_canonical_usize(RV32_CELL_BITS).inverse(), // bit to byte conversion
-            actual_len,
-        );
-
-        // We constrain that the appended length is in bytes
-        builder.when(is_last_padding_row.clone()).assert_zero(
-            local.inner.message_schedule.w[3][0]
-                + local.inner.message_schedule.w[3][1]
-                + local.inner.message_schedule.w[3][2],
-        );
-
-        // We can't support messages longer than 2^30 bytes because the length has to fit in a field element.
-        // So, constrain that the first 4 bytes of the length are 0.
-        // Thus, the bit-length is < 2^32 so the message is < 2^29 bytes.
-        for i in 8..12 {
-            builder
-                .when(is_last_padding_row.clone())
-                .assert_zero(get_ith_byte(i));
-        }
-    }
-    /// Implement constraints on `len`, `read_ptr` and `cur_timestamp`
-    fn eval_transitions<AB: InteractionBuilder>(&self, builder: &mut AB) {
-        let main = builder.main();
-        let (local, next) = (main.row_slice(0), main.row_slice(1));
-        let local_cols: &Sha256VmRoundCols<AB::Var> = local[..SHA256VM_ROUND_WIDTH].borrow();
-        let next_cols: &Sha256VmRoundCols<AB::Var> = next[..SHA256VM_ROUND_WIDTH].borrow();
-
-        let is_last_row =
-            local_cols.inner.flags.is_last_block * local_cols.inner.flags.is_digest_row;
-
-        // Len should be the same for the entire message
-        builder
-            .when_transition()
-            .when(not::<AB::Expr>(is_last_row.clone()))
-            .assert_eq(next_cols.control.len, local_cols.control.len);
-
-        // Read ptr should increment by [SHA256_READ_SIZE] for the first 4 rows and stay the same otherwise
-        let read_ptr_delta = local_cols.inner.flags.is_first_4_rows
-            * AB::Expr::from_canonical_usize(SHA256_READ_SIZE);
-        builder
-            .when_transition()
-            .when(not::<AB::Expr>(is_last_row.clone()))
-            .assert_eq(
-                next_cols.control.read_ptr,
-                local_cols.control.read_ptr + read_ptr_delta,
-            );
-
-        // Timestamp should increment by 1 for the first 4 rows and stay the same otherwise
-        let timestamp_delta = local_cols.inner.flags.is_first_4_rows * AB::Expr::ONE;
-        builder
-            .when_transition()
-            .when(not::<AB::Expr>(is_last_row.clone()))
-            .assert_eq(
-                next_cols.control.cur_timestamp,
-                local_cols.control.cur_timestamp + timestamp_delta,
-            );
-    }
-
-    /// Implement the reads for the first 4 rows of a block
-    fn eval_reads<AB: InteractionBuilder>(&self, builder: &mut AB) {
-        let main = builder.main();
-        let local = main.row_slice(0);
-        let local_cols: &Sha256VmRoundCols<AB::Var> = local[..SHA256VM_ROUND_WIDTH].borrow();
-
-        let message: [AB::Var; SHA256_READ_SIZE] = array::from_fn(|i| {
-            local_cols.inner.message_schedule.carry_or_buffer[i / (SHA256_WORD_U16S * 2)]
-                [i % (SHA256_WORD_U16S * 2)]
-        });
-
-        self.memory_bridge
-            .read(
-                MemoryAddress::new(
-                    AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
-                    local_cols.control.read_ptr,
-                ),
-                message,
-                local_cols.control.cur_timestamp,
-                &local_cols.read_aux,
-            )
-            .eval(builder, local_cols.inner.flags.is_first_4_rows);
-    }
-    /// Implement the constraints for the last row of a message
-    fn eval_last_row<AB: InteractionBuilder>(&self, builder: &mut AB) {
-        let main = builder.main();
-        let local = main.row_slice(0);
-        let local_cols: &Sha256VmDigestCols<AB::Var> = local[..SHA256VM_DIGEST_WIDTH].borrow();
-
-        let timestamp: AB::Var = local_cols.from_state.timestamp;
-        let mut timestamp_delta: usize = 0;
-        let mut timestamp_pp = || {
-            timestamp_delta += 1;
-            timestamp + AB::Expr::from_canonical_usize(timestamp_delta - 1)
-        };
-
-        let is_last_row =
-            local_cols.inner.flags.is_last_block * local_cols.inner.flags.is_digest_row;
-
-        self.memory_bridge
-            .read(
-                MemoryAddress::new(
-                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
-                    local_cols.rd_ptr,
-                ),
-                local_cols.dst_ptr,
-                timestamp_pp(),
-                &local_cols.register_reads_aux[0],
-            )
-            .eval(builder, is_last_row.clone());
-
-        self.memory_bridge
-            .read(
-                MemoryAddress::new(
-                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
-                    local_cols.rs1_ptr,
-                ),
-                local_cols.src_ptr,
-                timestamp_pp(),
-                &local_cols.register_reads_aux[1],
-            )
-            .eval(builder, is_last_row.clone());
-
-        self.memory_bridge
-            .read(
-                MemoryAddress::new(
-                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
-                    local_cols.rs2_ptr,
-                ),
-                local_cols.len_data,
-                timestamp_pp(),
-                &local_cols.register_reads_aux[2],
-            )
-            .eval(builder, is_last_row.clone());
-
-        // range check that the memory pointers don't overflow
-        // Note: no need to range check the length since we read from memory step by step and
-        //       the memory bus will catch any memory accesses beyond ptr_max_bits
-        let shift = AB::Expr::from_canonical_usize(
-            1 << (RV32_REGISTER_NUM_LIMBS * RV32_CELL_BITS - self.ptr_max_bits),
-        );
-        // This only works if self.ptr_max_bits >= 24 which is typically the case
-        self.bitwise_lookup_bus
-            .send_range(
-                // It is fine to shift like this since we already know that dst_ptr and src_ptr have [RV32_CELL_BITS] bits
-                local_cols.dst_ptr[RV32_REGISTER_NUM_LIMBS - 1] * shift.clone(),
-                local_cols.src_ptr[RV32_REGISTER_NUM_LIMBS - 1] * shift.clone(),
-            )
-            .eval(builder, is_last_row.clone());
-
-        // the number of reads that happened to read the entire message: we do 4 reads per block
-        let time_delta = (local_cols.inner.flags.local_block_idx + AB::Expr::ONE)
-            * AB::Expr::from_canonical_usize(4);
-        // Every time we read the message we increment the read pointer by SHA256_READ_SIZE
-        let read_ptr_delta = time_delta.clone() * AB::Expr::from_canonical_usize(SHA256_READ_SIZE);
-
-        let result: [AB::Var; SHA256_WORD_U8S * SHA256_HASH_WORDS] = array::from_fn(|i| {
-            // The limbs are written in big endian order to the memory so need to be reversed
-            local_cols.inner.final_hash[i / SHA256_WORD_U8S]
-                [SHA256_WORD_U8S - i % SHA256_WORD_U8S - 1]
-        });
-
-        let dst_ptr_val =
-            compose::<AB::Expr>(&local_cols.dst_ptr.map(|x| x.into()), RV32_CELL_BITS);
-
-        // Note: revisit in the future to do 2 block writes of 16 cells instead of 1 block write of 32 cells
-        //       This could be beneficial as the output is often an input for another hash
-        self.memory_bridge
-            .write(
-                MemoryAddress::new(AB::Expr::from_canonical_u32(RV32_MEMORY_AS), dst_ptr_val),
-                result,
-                timestamp_pp() + time_delta.clone(),
-                &local_cols.writes_aux,
-            )
-            .eval(builder, is_last_row.clone());
-
-        self.execution_bridge
-            .execute_and_increment_pc(
-                AB::Expr::from_canonical_usize(Rv32Sha256Opcode::SHA256.global_opcode().as_usize()),
-                [
-                    local_cols.rd_ptr.into(),
-                    local_cols.rs1_ptr.into(),
-                    local_cols.rs2_ptr.into(),
-                    AB::Expr::from_canonical_u32(RV32_REGISTER_AS),
-                    AB::Expr::from_canonical_u32(RV32_MEMORY_AS),
-                ],
-                local_cols.from_state,
-                AB::Expr::from_canonical_usize(timestamp_delta) + time_delta.clone(),
-            )
-            .eval(builder, is_last_row.clone());
-
-        // Assert that we read the correct length of the message
-        let len_val = compose::<AB::Expr>(&local_cols.len_data.map(|x| x.into()), RV32_CELL_BITS);
-        builder
-            .when(is_last_row.clone())
-            .assert_eq(local_cols.control.len, len_val);
-        // Assert that we started reading from the correct pointer initially
-        let src_val = compose::<AB::Expr>(&local_cols.src_ptr.map(|x| x.into()), RV32_CELL_BITS);
-        builder
-            .when(is_last_row.clone())
-            .assert_eq(local_cols.control.read_ptr, src_val + read_ptr_delta);
-        // Assert that we started reading from the correct timestamp
-        builder.when(is_last_row.clone()).assert_eq(
-            local_cols.control.cur_timestamp,
-            local_cols.from_state.timestamp + AB::Expr::from_canonical_u32(3) + time_delta,
-        );
-    }
-}
diff --git a/extensions/sha256/circuit/src/sha256_chip/columns.rs b/extensions/sha256/circuit/src/sha256_chip/columns.rs
deleted file mode 100644
index a24014e51c..0000000000
--- a/extensions/sha256/circuit/src/sha256_chip/columns.rs
+++ /dev/null
@@ -1,67 +0,0 @@
-//! WARNING: the order of fields in the structs is important, do not change it
-
-use openvm_circuit::{
-    arch::ExecutionState,
-    system::memory::offline_checker::{MemoryReadAuxCols, MemoryWriteAuxCols},
-};
-use openvm_circuit_primitives::AlignedBorrow;
-use openvm_instructions::riscv::RV32_REGISTER_NUM_LIMBS;
-use openvm_sha256_air::{Sha256DigestCols, Sha256RoundCols};
-
-use super::{SHA256_REGISTER_READS, SHA256_WRITE_SIZE};
-
-/// the first 16 rows of every SHA256 block will be of type Sha256VmRoundCols and the last row will be of type Sha256VmDigestCols
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256VmRoundCols<T> {
-    pub control: Sha256VmControlCols<T>,
-    pub inner: Sha256RoundCols<T>,
-    pub read_aux: MemoryReadAuxCols<T>,
-}
-
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256VmDigestCols<T> {
-    pub control: Sha256VmControlCols<T>,
-    pub inner: Sha256DigestCols<T>,
-
-    pub from_state: ExecutionState<T>,
-    /// It is counter intuitive, but we will constrain the register reads on the very last row of every message
-    pub rd_ptr: T,
-    pub rs1_ptr: T,
-    pub rs2_ptr: T,
-    pub dst_ptr: [T; RV32_REGISTER_NUM_LIMBS],
-    pub src_ptr: [T; RV32_REGISTER_NUM_LIMBS],
-    pub len_data: [T; RV32_REGISTER_NUM_LIMBS],
-    pub register_reads_aux: [MemoryReadAuxCols<T>; SHA256_REGISTER_READS],
-    pub writes_aux: MemoryWriteAuxCols<T, SHA256_WRITE_SIZE>,
-}
-
-/// These are the columns that are used on both round and digest rows
-#[repr(C)]
-#[derive(Clone, Copy, Debug, AlignedBorrow)]
-pub struct Sha256VmControlCols<T> {
-    /// Note: We will use the buffer in `inner.message_schedule` as the message data
-    /// This is the length of the entire message in bytes
-    pub len: T,
-    /// Need to keep timestamp and read_ptr since block reads don't have the necessary information
-    pub cur_timestamp: T,
-    pub read_ptr: T,
-    /// Padding flags which will be used to encode the the number of non-padding cells in the current row
-    pub pad_flags: [T; 6],
-    /// A boolean flag that indicates whether a padding already occurred
-    pub padding_occurred: T,
-}
-
-/// Width of the Sha256VmControlCols
-pub const SHA256VM_CONTROL_WIDTH: usize = Sha256VmControlCols::<u8>::width();
-/// Width of the Sha256VmRoundCols
-pub const SHA256VM_ROUND_WIDTH: usize = Sha256VmRoundCols::<u8>::width();
-/// Width of the Sha256VmDigestCols
-pub const SHA256VM_DIGEST_WIDTH: usize = Sha256VmDigestCols::<u8>::width();
-/// Width of the Sha256Cols
-pub const SHA256VM_WIDTH: usize = if SHA256VM_ROUND_WIDTH > SHA256VM_DIGEST_WIDTH {
-    SHA256VM_ROUND_WIDTH
-} else {
-    SHA256VM_DIGEST_WIDTH
-};
diff --git a/extensions/sha256/circuit/src/sha256_chip/mod.rs b/extensions/sha256/circuit/src/sha256_chip/mod.rs
deleted file mode 100644
index 5b9bf7bb46..0000000000
--- a/extensions/sha256/circuit/src/sha256_chip/mod.rs
+++ /dev/null
@@ -1,205 +0,0 @@
-//! Sha256 hasher. Handles full sha256 hashing with padding.
-//! variable length inputs read from VM memory.
-use std::{
-    array,
-    cmp::{max, min},
-    sync::{Arc, Mutex},
-};
-
-use openvm_circuit::arch::{
-    ExecutionBridge, ExecutionError, ExecutionState, InstructionExecutor, SystemPort,
-};
-use openvm_circuit_primitives::{
-    bitwise_op_lookup::SharedBitwiseOperationLookupChip, encoder::Encoder,
-};
-use openvm_instructions::{
-    instruction::Instruction,
-    program::DEFAULT_PC_STEP,
-    riscv::{RV32_CELL_BITS, RV32_MEMORY_AS, RV32_REGISTER_AS},
-    LocalOpcode,
-};
-use openvm_rv32im_circuit::adapters::read_rv32_register;
-use openvm_sha256_air::{Sha256Air, SHA256_BLOCK_BITS};
-use openvm_sha256_transpiler::Rv32Sha256Opcode;
-use openvm_stark_backend::{interaction::BusIndex, p3_field::PrimeField32};
-use serde::{Deserialize, Serialize};
-use sha2::{Digest, Sha256};
-
-mod air;
-mod columns;
-mod trace;
-
-pub use air::*;
-pub use columns::*;
-use openvm_circuit::system::memory::{MemoryController, OfflineMemory, RecordId};
-
-#[cfg(test)]
-mod tests;
-
-// ==== Constants for register/memory adapter ====
-/// Register reads to get dst, src, len
-const SHA256_REGISTER_READS: usize = 3;
-/// Number of cells to read in a single memory access
-const SHA256_READ_SIZE: usize = 16;
-/// Number of cells to write in a single memory access
-const SHA256_WRITE_SIZE: usize = 32;
-/// Number of rv32 cells read in a SHA256 block
-pub const SHA256_BLOCK_CELLS: usize = SHA256_BLOCK_BITS / RV32_CELL_BITS;
-/// Number of rows we will do a read on for each SHA256 block
-pub const SHA256_NUM_READ_ROWS: usize = SHA256_BLOCK_CELLS / SHA256_READ_SIZE;
-pub struct Sha256VmChip<F: PrimeField32> {
-    pub air: Sha256VmAir,
-    /// IO and memory data necessary for each opcode call
-    pub records: Vec<Sha256Record<F>>,
-    pub offline_memory: Arc<Mutex<OfflineMemory<F>>>,
-    pub bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-
-    offset: usize,
-}
-
-#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
-pub struct Sha256Record<F> {
-    pub from_state: ExecutionState<F>,
-    pub dst_read: RecordId,
-    pub src_read: RecordId,
-    pub len_read: RecordId,
-    pub input_records: Vec<[RecordId; SHA256_NUM_READ_ROWS]>,
-    pub input_message: Vec<[[u8; SHA256_READ_SIZE]; SHA256_NUM_READ_ROWS]>,
-    pub digest_write: RecordId,
-}
-
-impl<F: PrimeField32> Sha256VmChip<F> {
-    pub fn new(
-        SystemPort {
-            execution_bus,
-            program_bus,
-            memory_bridge,
-        }: SystemPort,
-        address_bits: usize,
-        bitwise_lookup_chip: SharedBitwiseOperationLookupChip<8>,
-        self_bus_idx: BusIndex,
-        offset: usize,
-        offline_memory: Arc<Mutex<OfflineMemory<F>>>,
-    ) -> Self {
-        Self {
-            air: Sha256VmAir::new(
-                ExecutionBridge::new(execution_bus, program_bus),
-                memory_bridge,
-                bitwise_lookup_chip.bus(),
-                address_bits,
-                Sha256Air::new(bitwise_lookup_chip.bus(), self_bus_idx),
-                Encoder::new(PaddingFlags::COUNT, 2, false),
-            ),
-            bitwise_lookup_chip,
-            records: Vec::new(),
-            offset,
-            offline_memory,
-        }
-    }
-}
-
-impl<F: PrimeField32> InstructionExecutor<F> for Sha256VmChip<F> {
-    fn execute(
-        &mut self,
-        memory: &mut MemoryController<F>,
-        instruction: &Instruction<F>,
-        from_state: ExecutionState<u32>,
-    ) -> Result<ExecutionState<u32>, ExecutionError> {
-        let &Instruction {
-            opcode,
-            a,
-            b,
-            c,
-            d,
-            e,
-            ..
-        } = instruction;
-        let local_opcode = opcode.local_opcode_idx(self.offset);
-        debug_assert_eq!(local_opcode, Rv32Sha256Opcode::SHA256.local_usize());
-        debug_assert_eq!(d, F::from_canonical_u32(RV32_REGISTER_AS));
-        debug_assert_eq!(e, F::from_canonical_u32(RV32_MEMORY_AS));
-
-        debug_assert_eq!(from_state.timestamp, memory.timestamp());
-
-        let (dst_read, dst) = read_rv32_register(memory, d, a);
-        let (src_read, src) = read_rv32_register(memory, d, b);
-        let (len_read, len) = read_rv32_register(memory, d, c);
-
-        #[cfg(debug_assertions)]
-        {
-            assert!(dst < (1 << self.air.ptr_max_bits));
-            assert!(src < (1 << self.air.ptr_max_bits));
-            assert!(len < (1 << self.air.ptr_max_bits));
-        }
-
-        // need to pad with one 1 bit, 64 bits for the message length and then pad until the length is divisible by [SHA256_BLOCK_BITS]
-        let num_blocks = ((len << 3) as usize + 1 + 64).div_ceil(SHA256_BLOCK_BITS);
-
-        // we will read [num_blocks] * [SHA256_BLOCK_CELLS] cells but only [len] cells will be used
-        debug_assert!(
-            src as usize + num_blocks * SHA256_BLOCK_CELLS <= (1 << self.air.ptr_max_bits)
-        );
-        let mut hasher = Sha256::new();
-        let mut input_records = Vec::with_capacity(num_blocks * SHA256_NUM_READ_ROWS);
-        let mut input_message = Vec::with_capacity(num_blocks * SHA256_NUM_READ_ROWS);
-        let mut read_ptr = src;
-        for _ in 0..num_blocks {
-            let block_reads_records = array::from_fn(|i| {
-                memory.read(
-                    e,
-                    F::from_canonical_u32(read_ptr + (i * SHA256_READ_SIZE) as u32),
-                )
-            });
-            let block_reads_bytes = array::from_fn(|i| {
-                // we add to the hasher only the bytes that are part of the message
-                let num_reads = min(
-                    SHA256_READ_SIZE,
-                    (max(read_ptr, src + len) - read_ptr) as usize,
-                );
-                let row_input = block_reads_records[i]
-                    .1
-                    .map(|x| x.as_canonical_u32().try_into().unwrap());
-                hasher.update(&row_input[..num_reads]);
-                read_ptr += SHA256_READ_SIZE as u32;
-                row_input
-            });
-            input_records.push(block_reads_records.map(|x| x.0));
-            input_message.push(block_reads_bytes);
-        }
-
-        let mut digest = [0u8; SHA256_WRITE_SIZE];
-        digest.copy_from_slice(hasher.finalize().as_ref());
-        let (digest_write, _) = memory.write(
-            e,
-            F::from_canonical_u32(dst),
-            digest.map(|b| F::from_canonical_u8(b)),
-        );
-
-        self.records.push(Sha256Record {
-            from_state: from_state.map(F::from_canonical_u32),
-            dst_read,
-            src_read,
-            len_read,
-            input_records,
-            input_message,
-            digest_write,
-        });
-
-        Ok(ExecutionState {
-            pc: from_state.pc + DEFAULT_PC_STEP,
-            timestamp: memory.timestamp(),
-        })
-    }
-
-    fn get_opcode_name(&self, _: usize) -> String {
-        "SHA256".to_string()
-    }
-}
-
-pub fn sha256_solve(input_message: &[u8]) -> [u8; SHA256_WRITE_SIZE] {
-    let mut hasher = Sha256::new();
-    hasher.update(input_message);
-    let mut output = [0u8; SHA256_WRITE_SIZE];
-    output.copy_from_slice(hasher.finalize().as_ref());
-    output
-}
diff --git a/extensions/sha256/circuit/src/sha256_chip/trace.rs b/extensions/sha256/circuit/src/sha256_chip/trace.rs
deleted file mode 100644
index 0d51a21368..0000000000
--- a/extensions/sha256/circuit/src/sha256_chip/trace.rs
+++ /dev/null
@@ -1,350 +0,0 @@
-use std::{array, borrow::BorrowMut, sync::Arc};
-
-use openvm_circuit_primitives::utils::next_power_of_two_or_zero;
-use openvm_instructions::riscv::{RV32_CELL_BITS, RV32_REGISTER_NUM_LIMBS};
-use openvm_rv32im_circuit::adapters::compose;
-use openvm_sha256_air::{
-    get_flag_pt_array, limbs_into_u32, Sha256Air, SHA256_BLOCK_WORDS, SHA256_BUFFER_SIZE, SHA256_H,
-    SHA256_HASH_WORDS, SHA256_ROWS_PER_BLOCK, SHA256_WORD_U8S,
-};
-use openvm_stark_backend::{
-    config::{StarkGenericConfig, Val},
-    p3_air::BaseAir,
-    p3_field::{FieldAlgebra, PrimeField32},
-    p3_matrix::dense::RowMajorMatrix,
-    p3_maybe_rayon::prelude::*,
-    prover::types::AirProofInput,
-    rap::get_air_name,
-    AirRef, Chip, ChipUsageGetter,
-};
-
-use super::{
-    Sha256VmChip, Sha256VmDigestCols, Sha256VmRoundCols, SHA256VM_CONTROL_WIDTH,
-    SHA256VM_DIGEST_WIDTH, SHA256VM_ROUND_WIDTH,
-};
-use crate::{
-    sha256_chip::{PaddingFlags, SHA256_READ_SIZE},
-    SHA256_BLOCK_CELLS,
-};
-
-impl<SC: StarkGenericConfig> Chip<SC> for Sha256VmChip<Val<SC>>
-where
-    Val<SC>: PrimeField32,
-{
-    fn air(&self) -> AirRef<SC> {
-        Arc::new(self.air.clone())
-    }
-
-    fn generate_air_proof_input(self) -> AirProofInput<SC> {
-        let non_padded_height = self.current_trace_height();
-        let height = next_power_of_two_or_zero(non_padded_height);
-        let width = self.trace_width();
-        let mut values = Val::<SC>::zero_vec(height * width);
-        if height == 0 {
-            return AirProofInput::simple_no_pis(RowMajorMatrix::new(values, width));
-        }
-        let records = self.records;
-        let offline_memory = self.offline_memory.lock().unwrap();
-        let memory_aux_cols_factory = offline_memory.aux_cols_factory();
-
-        let mem_ptr_shift: u32 =
-            1 << (RV32_REGISTER_NUM_LIMBS * RV32_CELL_BITS - self.air.ptr_max_bits);
-
-        let mut states = Vec::with_capacity(height.div_ceil(SHA256_ROWS_PER_BLOCK));
-        let mut global_block_idx = 0;
-        for (record_idx, record) in records.iter().enumerate() {
-            let dst_read = offline_memory.record_by_id(record.dst_read);
-            let src_read = offline_memory.record_by_id(record.src_read);
-            let len_read = offline_memory.record_by_id(record.len_read);
-
-            self.bitwise_lookup_chip.request_range(
-                dst_read
-                    .data_at(RV32_REGISTER_NUM_LIMBS - 1)
-                    .as_canonical_u32()
-                    * mem_ptr_shift,
-                src_read
-                    .data_at(RV32_REGISTER_NUM_LIMBS - 1)
-                    .as_canonical_u32()
-                    * mem_ptr_shift,
-            );
-            let len = compose(len_read.data_slice().try_into().unwrap());
-            let mut state = &None;
-            for (i, input_message) in record.input_message.iter().enumerate() {
-                let input_message = input_message
-                    .iter()
-                    .flatten()
-                    .copied()
-                    .collect::<Vec<_>>()
-                    .try_into()
-                    .unwrap();
-                states.push(Some(Self::generate_state(
-                    state,
-                    input_message,
-                    record_idx,
-                    len,
-                    i == record.input_records.len() - 1,
-                )));
-                state = &states[global_block_idx];
-                global_block_idx += 1;
-            }
-        }
-        states.extend(
-            std::iter::repeat(None)
-                .take((height - non_padded_height).div_ceil(SHA256_ROWS_PER_BLOCK)),
-        );
-
-        // During the first pass we will fill out most of the matrix
-        // But there are some cells that can't be generated by the first pass so we will do a second pass over the matrix
-        values
-            .par_chunks_mut(width * SHA256_ROWS_PER_BLOCK)
-            .zip(states.into_par_iter().enumerate())
-            .for_each(|(block, (global_block_idx, state))| {
-                // Fill in a valid block
-                if let Some(state) = state {
-                    let mut has_padding_occurred =
-                        state.local_block_idx * SHA256_BLOCK_CELLS > state.message_len as usize;
-                    let message_left = if has_padding_occurred {
-                        0
-                    } else {
-                        state.message_len as usize - state.local_block_idx * SHA256_BLOCK_CELLS
-                    };
-                    let is_last_block = state.is_last_block;
-                    let buffer: [[Val<SC>; SHA256_BUFFER_SIZE]; 4] = array::from_fn(|j| {
-                        array::from_fn(|k| {
-                            Val::<SC>::from_canonical_u8(
-                                state.block_input_message[j * SHA256_BUFFER_SIZE + k],
-                            )
-                        })
-                    });
-
-                    let padded_message: [u32; SHA256_BLOCK_WORDS] = array::from_fn(|j| {
-                        limbs_into_u32::<RV32_REGISTER_NUM_LIMBS>(array::from_fn(|k| {
-                            state.block_padded_message[(j + 1) * SHA256_WORD_U8S - k - 1] as u32
-                        }))
-                    });
-
-                    self.air.sha256_subair.generate_block_trace::<Val<SC>>(
-                        block,
-                        width,
-                        SHA256VM_CONTROL_WIDTH,
-                        &padded_message,
-                        self.bitwise_lookup_chip.clone(),
-                        &state.hash,
-                        is_last_block,
-                        global_block_idx as u32 + 1,
-                        state.local_block_idx as u32,
-                        &buffer,
-                    );
-
-                    let block_reads = records[state.message_idx].input_records
-                        [state.local_block_idx]
-                        .map(|record_id| offline_memory.record_by_id(record_id));
-
-                    let mut read_ptr = block_reads[0].pointer;
-                    let mut cur_timestamp = Val::<SC>::from_canonical_u32(block_reads[0].timestamp);
-
-                    let read_size = Val::<SC>::from_canonical_usize(SHA256_READ_SIZE);
-                    for row in 0..SHA256_ROWS_PER_BLOCK {
-                        let row_slice = &mut block[row * width..(row + 1) * width];
-                        if row < 16 {
-                            let cols: &mut Sha256VmRoundCols<Val<SC>> =
-                                row_slice[..SHA256VM_ROUND_WIDTH].borrow_mut();
-                            cols.control.len = Val::<SC>::from_canonical_u32(state.message_len);
-                            cols.control.read_ptr = read_ptr;
-                            cols.control.cur_timestamp = cur_timestamp;
-                            if row < 4 {
-                                read_ptr += read_size;
-                                cur_timestamp += Val::<SC>::ONE;
-                                memory_aux_cols_factory
-                                    .generate_read_aux(block_reads[row], &mut cols.read_aux);
-
-                                if (row + 1) * SHA256_READ_SIZE <= message_left {
-                                    cols.control.pad_flags = get_flag_pt_array(
-                                        &self.air.padding_encoder,
-                                        PaddingFlags::NotPadding as usize,
-                                    )
-                                    .map(Val::<SC>::from_canonical_u32);
-                                } else if !has_padding_occurred {
-                                    has_padding_occurred = true;
-                                    let len = message_left - row * SHA256_READ_SIZE;
-                                    cols.control.pad_flags = get_flag_pt_array(
-                                        &self.air.padding_encoder,
-                                        if row == 3 && is_last_block {
-                                            PaddingFlags::FirstPadding0_LastRow
-                                        } else {
-                                            PaddingFlags::FirstPadding0
-                                        } as usize
-                                            + len,
-                                    )
-                                    .map(Val::<SC>::from_canonical_u32);
-                                } else {
-                                    cols.control.pad_flags = get_flag_pt_array(
-                                        &self.air.padding_encoder,
-                                        if row == 3 && is_last_block {
-                                            PaddingFlags::EntirePaddingLastRow
-                                        } else {
-                                            PaddingFlags::EntirePadding
-                                        } as usize,
-                                    )
-                                    .map(Val::<SC>::from_canonical_u32);
-                                }
-                            } else {
-                                cols.control.pad_flags = get_flag_pt_array(
-                                    &self.air.padding_encoder,
-                                    PaddingFlags::NotConsidered as usize,
-                                )
-                                .map(Val::<SC>::from_canonical_u32);
-                            }
-                            cols.control.padding_occurred =
-                                Val::<SC>::from_bool(has_padding_occurred);
-                        } else {
-                            if is_last_block {
-                                has_padding_occurred = false;
-                            }
-                            let cols: &mut Sha256VmDigestCols<Val<SC>> =
-                                row_slice[..SHA256VM_DIGEST_WIDTH].borrow_mut();
-                            cols.control.len = Val::<SC>::from_canonical_u32(state.message_len);
-                            cols.control.read_ptr = read_ptr;
-                            cols.control.cur_timestamp = cur_timestamp;
-                            cols.control.pad_flags = get_flag_pt_array(
-                                &self.air.padding_encoder,
-                                PaddingFlags::NotConsidered as usize,
-                            )
-                            .map(Val::<SC>::from_canonical_u32);
-                            if is_last_block {
-                                let record = &records[state.message_idx];
-                                let dst_read = offline_memory.record_by_id(record.dst_read);
-                                let src_read = offline_memory.record_by_id(record.src_read);
-                                let len_read = offline_memory.record_by_id(record.len_read);
-                                let digest_write = offline_memory.record_by_id(record.digest_write);
-                                cols.from_state = record.from_state;
-                                cols.rd_ptr = dst_read.pointer;
-                                cols.rs1_ptr = src_read.pointer;
-                                cols.rs2_ptr = len_read.pointer;
-                                cols.dst_ptr.copy_from_slice(dst_read.data_slice());
-                                cols.src_ptr.copy_from_slice(src_read.data_slice());
-                                cols.len_data.copy_from_slice(len_read.data_slice());
-                                memory_aux_cols_factory
-                                    .generate_read_aux(dst_read, &mut cols.register_reads_aux[0]);
-                                memory_aux_cols_factory
-                                    .generate_read_aux(src_read, &mut cols.register_reads_aux[1]);
-                                memory_aux_cols_factory
-                                    .generate_read_aux(len_read, &mut cols.register_reads_aux[2]);
-                                memory_aux_cols_factory
-                                    .generate_write_aux(digest_write, &mut cols.writes_aux);
-                            }
-                            cols.control.padding_occurred =
-                                Val::<SC>::from_bool(has_padding_occurred);
-                        }
-                    }
-                }
-                // Fill in the invalid rows
-                else {
-                    block.par_chunks_mut(width).for_each(|row| {
-                        let cols: &mut Sha256VmRoundCols<Val<SC>> = row.borrow_mut();
-                        self.air.sha256_subair.generate_default_row(&mut cols.inner);
-                    })
-                }
-            });
-
-        // Do a second pass over the trace to fill in the missing values
-        // Note, we need to skip the very first row
-        values[width..]
-            .par_chunks_mut(width * SHA256_ROWS_PER_BLOCK)
-            .take(non_padded_height / SHA256_ROWS_PER_BLOCK)
-            .for_each(|chunk| {
-                self.air
-                    .sha256_subair
-                    .generate_missing_cells(chunk, width, SHA256VM_CONTROL_WIDTH);
-            });
-
-        AirProofInput::simple_no_pis(RowMajorMatrix::new(values, width))
-    }
-}
-
-impl<F: PrimeField32> ChipUsageGetter for Sha256VmChip<F> {
-    fn air_name(&self) -> String {
-        get_air_name(&self.air)
-    }
-    fn current_trace_height(&self) -> usize {
-        self.records.iter().fold(0, |acc, record| {
-            acc + record.input_records.len() * SHA256_ROWS_PER_BLOCK
-        })
-    }
-
-    fn trace_width(&self) -> usize {
-        BaseAir::<F>::width(&self.air)
-    }
-}
-
-/// This is the state information that a block will use to generate its trace
-#[derive(Debug, Clone)]
-struct Sha256State {
-    hash: [u32; SHA256_HASH_WORDS],
-    local_block_idx: usize,
-    message_len: u32,
-    block_input_message: [u8; SHA256_BLOCK_CELLS],
-    block_padded_message: [u8; SHA256_BLOCK_CELLS],
-    message_idx: usize,
-    is_last_block: bool,
-}
-
-impl<F: PrimeField32> Sha256VmChip<F> {
-    fn generate_state(
-        prev_state: &Option<Sha256State>,
-        block_input_message: [u8; SHA256_BLOCK_CELLS],
-        message_idx: usize,
-        message_len: u32,
-        is_last_block: bool,
-    ) -> Sha256State {
-        let local_block_idx = if let Some(prev_state) = prev_state {
-            prev_state.local_block_idx + 1
-        } else {
-            0
-        };
-        let has_padding_occurred = local_block_idx * SHA256_BLOCK_CELLS > message_len as usize;
-        let message_left = if has_padding_occurred {
-            0
-        } else {
-            message_len as usize - local_block_idx * SHA256_BLOCK_CELLS
-        };
-
-        let padded_message_bytes: [u8; SHA256_BLOCK_CELLS] = array::from_fn(|j| {
-            if j < message_left {
-                block_input_message[j]
-            } else if j == message_left && !has_padding_occurred {
-                1 << (RV32_CELL_BITS - 1)
-            } else if !is_last_block || j < SHA256_BLOCK_CELLS - 4 {
-                0u8
-            } else {
-                let shift_amount = (SHA256_BLOCK_CELLS - j - 1) * RV32_CELL_BITS;
-                ((message_len * RV32_CELL_BITS as u32)
-                    .checked_shr(shift_amount as u32)
-                    .unwrap_or(0)
-                    & ((1 << RV32_CELL_BITS) - 1)) as u8
-            }
-        });
-
-        if let Some(prev_state) = prev_state {
-            Sha256State {
-                hash: Sha256Air::get_block_hash(&prev_state.hash, prev_state.block_padded_message),
-                local_block_idx,
-                message_len,
-                block_input_message,
-                block_padded_message: padded_message_bytes,
-                message_idx,
-                is_last_block,
-            }
-        } else {
-            Sha256State {
-                hash: SHA256_H,
-                local_block_idx: 0,
-                message_len,
-                block_input_message,
-                block_padded_message: padded_message_bytes,
-                message_idx,
-                is_last_block,
-            }
-        }
-    }
-}
diff --git a/extensions/sha256/guest/src/lib.rs b/extensions/sha256/guest/src/lib.rs
deleted file mode 100644
index cb34bcd5aa..0000000000
--- a/extensions/sha256/guest/src/lib.rs
+++ /dev/null
@@ -1,45 +0,0 @@
-#![no_std]
-
-/// This is custom-0 defined in RISC-V spec document
-pub const OPCODE: u8 = 0x0b;
-pub const SHA256_FUNCT3: u8 = 0b100;
-pub const SHA256_FUNCT7: u8 = 0x1;
-
-/// The sha256 cryptographic hash function.
-#[inline(always)]
-pub fn sha256(input: &[u8]) -> [u8; 32] {
-    let mut output = [0u8; 32];
-    set_sha256(input, &mut output);
-    output
-}
-
-/// zkvm native implementation of sha256
-/// # Safety
-///
-/// The VM accepts the preimage by pointer and length, and writes the
-/// 32-byte hash.
-/// - `bytes` must point to an input buffer at least `len` long.
-/// - `output` must point to a buffer that is at least 32-bytes long.
-///
-/// [`sha2-256`]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
-#[cfg(target_os = "zkvm")]
-#[inline(always)]
-#[no_mangle]
-extern "C" fn zkvm_sha256_impl(bytes: *const u8, len: usize, output: *mut u8) {
-    openvm_platform::custom_insn_r!(opcode = OPCODE, funct3 = SHA256_FUNCT3, funct7 = SHA256_FUNCT7, rd = In output, rs1 = In bytes, rs2 = In len);
-}
-
-/// Sets `output` to the sha256 hash of `input`.
-pub fn set_sha256(input: &[u8], output: &mut [u8; 32]) {
-    #[cfg(not(target_os = "zkvm"))]
-    {
-        use sha2::{Digest, Sha256};
-        let mut hasher = Sha256::new();
-        hasher.update(input);
-        output.copy_from_slice(hasher.finalize().as_ref());
-    }
-    #[cfg(target_os = "zkvm")]
-    {
-        zkvm_sha256_impl(input.as_ptr(), input.len(), output.as_mut_ptr() as *mut u8);
-    }
-}
diff --git a/extensions/sha256/tests/programs/examples/sha.rs b/extensions/sha256/tests/programs/examples/sha.rs
deleted file mode 100644
index fffbc677a7..0000000000
--- a/extensions/sha256/tests/programs/examples/sha.rs
+++ /dev/null
@@ -1,30 +0,0 @@
-#![cfg_attr(not(feature = "std"), no_main)]
-#![cfg_attr(not(feature = "std"), no_std)]
-
-extern crate alloc;
-
-use alloc::vec::Vec;
-use core::hint::black_box;
-
-use hex::FromHex;
-use openvm_sha256_guest::sha256;
-
-openvm::entry!(main);
-
-pub fn main() {
-    let test_vectors = [
-        ("", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
-        ("98c1c0bdb7d5fea9a88859f06c6c439f", "b6b2c9c9b6f30e5c66c977f1bd7ad97071bee739524aecf793384890619f2b05"),
-        ("5b58f4163e248467cc1cd3eecafe749e8e2baaf82c0f63af06df0526347d7a11327463c115210a46b6740244eddf370be89c", "ac0e25049870b91d78ef6807bb87fce4603c81abd3c097fba2403fd18b6ce0b7"),
-        ("9ad198539e3160194f38ac076a782bd5210a007560d1fce9ef78f8a4a5e4d78c6b96c250cff3520009036e9c6087d5dab587394edda862862013de49a12072485a6c01165ec0f28ffddf1873fbd53e47fcd02fb6a5ccc9622d5588a92429c663ce298cb71b50022fc2ec4ba9f5bbd250974e1a607b165fee16e8f3f2be20d7348b91a2f518ce928491900d56d9f86970611580350cee08daea7717fe28a73b8dcfdea22a65ed9f5a09198de38e4e4f2cc05b0ba3dd787a5363ab6c9f39dcb66c1a29209b1d6b1152769395df8150b4316658ea6ab19af94903d643fcb0ae4d598035ebe73c8b1b687df1ab16504f633c929569c6d0e5fae6eea43838fbc8ce2c2b43161d0addc8ccf945a9c4e06294e56a67df0000f561f61b630b1983ba403e775aaeefa8d339f669d1e09ead7eae979383eda983321e1743e5404b4b328da656de79ff52d179833a6bd5129f49432d74d001996c37c68d9ab49fcff8061d193576f396c20e1f0d9ee83a51290ba60efa9c3cb2e15b756321a7ca668cdbf63f95ec33b1c450aa100101be059dc00077245b25a6a66698dee81953ed4a606944076e2858b1420de0095a7f60b08194d6d9a997009d345c71f63a7034b976e409af8a9a040ac7113664609a7adedb76b2fadf04b0348392a1650526eb2a4d6ed5e4bbcda8aabc8488b38f4f5d9a398103536bb8250ed82a9b9825f7703c263f9e", "080ad71239852124fc26758982090611b9b19abf22d22db3a57f67a06e984a23")
-
-    ];
-    for (input, expected_output) in test_vectors.iter() {
-        let input = Vec::from_hex(input).unwrap();
-        let expected_output = Vec::from_hex(expected_output).unwrap();
-        let output = sha256(&black_box(input));
-        if output != *expected_output {
-            panic!();
-        }
-    }
-}
diff --git a/extensions/sha256/transpiler/src/lib.rs b/extensions/sha256/transpiler/src/lib.rs
deleted file mode 100644
index 6b13efe055..0000000000
--- a/extensions/sha256/transpiler/src/lib.rs
+++ /dev/null
@@ -1,46 +0,0 @@
-use openvm_instructions::{riscv::RV32_MEMORY_AS, LocalOpcode};
-use openvm_instructions_derive::LocalOpcode;
-use openvm_sha256_guest::{OPCODE, SHA256_FUNCT3, SHA256_FUNCT7};
-use openvm_stark_backend::p3_field::PrimeField32;
-use openvm_transpiler::{util::from_r_type, TranspilerExtension, TranspilerOutput};
-use rrs_lib::instruction_formats::RType;
-use strum::{EnumCount, EnumIter, FromRepr};
-
-#[derive(
-    Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, EnumCount, EnumIter, FromRepr, LocalOpcode,
-)]
-#[opcode_offset = 0x320]
-#[repr(usize)]
-pub enum Rv32Sha256Opcode {
-    SHA256,
-}
-
-#[derive(Default)]
-pub struct Sha256TranspilerExtension;
-
-impl<F: PrimeField32> TranspilerExtension<F> for Sha256TranspilerExtension {
-    fn process_custom(&self, instruction_stream: &[u32]) -> Option<TranspilerOutput<F>> {
-        if instruction_stream.is_empty() {
-            return None;
-        }
-        let instruction_u32 = instruction_stream[0];
-        let opcode = (instruction_u32 & 0x7f) as u8;
-        let funct3 = ((instruction_u32 >> 12) & 0b111) as u8;
-
-        if (opcode, funct3) != (OPCODE, SHA256_FUNCT3) {
-            return None;
-        }
-        let dec_insn = RType::new(instruction_u32);
-
-        if dec_insn.funct7 != SHA256_FUNCT7 as u32 {
-            return None;
-        }
-        let instruction = from_r_type(
-            Rv32Sha256Opcode::SHA256.global_opcode().as_usize(),
-            RV32_MEMORY_AS as usize,
-            &dec_insn,
-            true,
-        );
-        Some(TranspilerOutput::one_to_one(instruction))
-    }
-}