Giulio

I rerun the cost benchmarking and update the [cost](https://github.com/algorand/go-algorand/pull/5978/files#diff-ab0f8735d77364f4410c8b3a7af228ef2f318ea0dc6a6516524d2ede859037a0R803-R811) for the `mimc` opcode, now it is more precise. Before it was overestimated because I didn't know about the `1 'tick'...

`bmodexp` is useful also in different scenarios with smaller inputs so we should not penalize those cost-wise, for instance all ZKP protocols based on elliptic curves use it and they...

> I'm doing this from phone, but `maxStringSize` is the AVM max of 4096? That's unusual for the bmath functions, they normally have a maximum of 128 bytes. I suppose...

> Just to close the loop, is the suggestion that this: `x = exponent_length * max(base_length, modulus_length)**2` will work for the cost function (with appropriate scaling)? Looks reasonable to me,...

I benchmarked `bmodexp` on my own and `exponent_length * max(base_length, modulus_length)**2` looks reasonable to me. I benchmarked using the same byte length for all three inputs, base, mode, and exp...

> @giuliop how about re-running modexp_1024+ (like `-count=64 I guess)` to get a better avg value? sure, I rerun using `-benchtime=64x` to have 64 runs (except for 4096 bytes which...

Looking back at benchmark the 4096 byte length case for all three parameters takes 9 sec to run, so it's not feasible on the AVM unfortunately. @jannotti what would you...

> All is not lost, RSA keys seem to be at most 4k BITS, not BYTES. Does that end up being 8^3 cheaper because of the squaring of the multiplicand...

For the cost function I would use this formula to determine the actual opcode cost, i.e., the number of ticks: `max(base_lenght, mod_lenght)^1.63 * exp_length / 15 + 200` where lenght...

I think option 3 can work, developers can always check at runtime if needed the sizes of their inputs and manage in the code the cases where the opcode budget...