Use 35 partial rounds for the Poseidon hash; update the Poseidon constants from the sage script for 35 partial rounds

This commit is contained in:
poma 2020-10-27 13:23:41 +03:00
parent 47f33f2275
commit afb4eff954
No known key found for this signature in database
GPG Key ID: BA20CB01FE165657
6 changed files with 692 additions and 3483 deletions

@ -43,10 +43,9 @@ template Poseidon(nInputs) {
// Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8)
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t
var N_ROUNDS_P[8] = [56, 57, 56, 60, 60, 63, 64, 63];
var t = nInputs + 1;
var nRoundsF = 8;
var nRoundsP = N_ROUNDS_P[t - 2];
var nRoundsP = 35;
var C[t*(nRoundsF + nRoundsP)] = POSEIDON_C(t);
var M[t][t] = POSEIDON_M(t);
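Review bot: The comment kept at the top of the hunk still says the round numbers are the whitepaper's recommended parameters "rounded up to nearest integer that divides by t", but the new code deletes the per-width table (56–64 partial rounds for t = 3..9) and hardcodes `var nRoundsP = 35;` for every t. Dropping from the paper's values to 35 reduces the margin that the referenced round-count script accounts for, and neither the hunk nor the commit message records how 35 was derived or which attack bounds it was checked against, so a reader cannot verify the choice. Replace the stale comment with the actual provenance, e.g. `// nRoundsP = 35 for every supported t, from <sage script> with <p, alpha, security level>; deviates from whitepaper table 8 (56-64) — see <analysis> for justification`. The enclosing `template Poseidon(nInputs)` starts before this hunk.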


@ -15,32 +15,32 @@ const { C, M } = unstringifyBigInts(require("./poseidon_constants.json"));
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t
const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63];
const N_ROUNDS_P = 35;
const pow5 = a => F.mul(a, F.square(F.square(a, a)));
function poseidon(inputs) {
assert(inputs.length > 0);
assert(inputs.length < N_ROUNDS_P.length - 1);
assert(inputs.length < 5);
const t = inputs.length + 1;
const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2];
const nRoundsP = N_ROUNDS_P;
let state = [...inputs.map(a => bigInt(a)), F.zero];
for (let r = 0; r < nRoundsF + nRoundsP; r++) {
state = state.map((a, i) => F.add(a, C[t - 2][r * t + i]));
state = state.map((a, i) => F.add(a, bigInt(C[t - 2][r * t + i])));
if (r < nRoundsF / 2 || r >= nRoundsF / 2 + nRoundsP) {
state = state.map(a => pow5(a));
} else {
state[0] = pow5(state[0]);
}
// no matrix multiplication in the last round
if (r < nRoundsF + nRoundsP - 1) {
state = state.map((_, i) =>
state.reduce((acc, a, j) => F.add(acc, F.mul(M[t - 2][j][i], a)), F.zero)
state.reduce((acc, a, j) => F.add(acc, F.mul(bigInt(M[t - 2][j][i]), a)), F.zero)
);
}
}
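Review bot: `assert(inputs.length < 5)` replaces a bound that was derived from the constants table (`N_ROUNDS_P.length - 1`) with a magic number, so if the regenerated poseidon_constants.json ever covers a different set of widths the check and the data silently disagree and `C[t - 2]` is undefined. Tie the bound back to the loaded constants, e.g. `assert(inputs.length - 1 < C.length && inputs.length - 1 < M.length);` (this assumes C and M are arrays indexed by t-2, as the `C[t - 2][...]` access later in the loop suggests). The comment above the constants, "Generated by ... calc_round_numbers.py / rounded up to nearest integer that divides by t", now describes the removed table rather than the fixed `N_ROUNDS_P = 35` and should state where 35 comes from. The new `bigInt(...)` wrapping of `C[...]` and `M[...]` inside the round loop suggests unstringifyBigInts no longer converts the regenerated format; if so, converting C and M once at load time would be cleaner than per-element conversion in the hot loop.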


@ -9,9 +9,12 @@ const Web3Utils = require("web3-utils");
const { C:K, M } = unstringifyBigInts(require("./poseidon_constants.json"));
const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63];
const N_ROUNDS_P = 35;
function toHex256(a) {
if (typeof a === "string" && a.startsWith("0x")) {
return a;
}
let S = a.toString(16);
while (S.length < 64) S="0"+S;
return "0x" + S;
@ -19,10 +22,10 @@ function toHex256(a) {
function createCode(nInputs) {
if (( nInputs<1) || (nInputs>8)) throw new Error("Invalid number of inputs. Must be 1<=nInputs<=8");
if (( nInputs<1) || (nInputs>4)) throw new Error("Invalid number of inputs. Must be 1<=nInputs<=8");
const t = nInputs + 1;
const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2];
const nRoundsP = N_ROUNDS_P;
const C = new Contract();
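Review bot: The new early return in toHex256 hands back any "0x"-prefixed string untouched, which bypasses the zero-padding to 64 hex digits that the function's name and the loop below it promise; a short or odd-length hex string would then be emitted into the contract as a non-32-byte immediate. Normalize instead of short-circuiting: `let S = typeof a === "string" && a.startsWith("0x") ? a.slice(2) : a.toString(16);` followed by the existing padding loop and `return "0x" + S;`. Whether such strings actually occur depends on the regenerated poseidon_constants.json, which is not shown in this diff. Separately, the range check in createCode now rejects nInputs>4 but the message still says `Must be 1<=nInputs<=8`; it should read `Must be 1<=nInputs<=4`.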

@ -23,7 +23,7 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([1, 2])", async () => {
const hash = poseidon([1, 2]);
assert.equal("17117985411748610629288516079940078114952304104811071254131751175361957805920", hash.toString());
assert.equal("0x11ad302b36a2d7e09653c8e90618f00c06cd0a7348e52cdf2ccced3c3abec679", "0x" + hash.toString(16));
const w = await circuit2.calculateWitness({inputs: [1, 2]}, true);
const res = w[circuit2.getSignalIdx("main.out")];
assert.equal(res.toString(), hash.toString());
@ -32,7 +32,7 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([3, 4])", async () => {
const hash = poseidon([3, 4]);
assert.equal("21867347236198497199818917118739170715216974132230970409806500217655788551452", hash.toString());
assert.equal("0x23939f0972e764d6e252060279aabaca8ec650ab30b17d2c13551bec2a66bcef", "0x" + hash.toString(16));
const w = await circuit2.calculateWitness({inputs: [3, 4]});
const res = w[circuit2.getSignalIdx("main.out")];
assert.equal(res.toString(), hash.toString());
@ -42,7 +42,7 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([1, 2, 3, 4])", async () => {
const hash = poseidon([1, 2, 3, 4]);
assert.equal("10501812514110530158422365608831771203648472822841727510887411206067265790462", hash.toString());
assert.equal("0x2e4fb80ce74868b0d33f4acb22071d8d8f8da7d30ebf972e6e4f72a64bb0633f", "0x" + hash.toString(16));
const w = await circuit4.calculateWitness({inputs: [1, 2, 3, 4]});
const res = w[circuit4.getSignalIdx("main.out")];
assert.equal(res.toString(), hash.toString());
@ -51,7 +51,7 @@ describe("Poseidon Circuit test", function () {
it("Should check constrain of hash([5, 6, 7, 8])", async () => {
const hash = poseidon([5, 6, 7, 8]);
assert.equal("20761996991478317428195238015626872345373101531750069996451149877836620406299", hash.toString());
assert.equal("0x2a3fc67aa97766917ee06e927f35fd70f4655ad6c1f2e7bcd5c5c85aa3a8a974", "0x" + hash.toString(16));
const w = await circuit4.calculateWitness({inputs: [5, 6, 7, 8]});
const res = w[circuit4.getSignalIdx("main.out")];
assert.equal(res.toString(), hash.toString());
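Review bot: The four replaced expected values are, as far as the hunks show, outputs of the same JS `poseidon` implementation that the circuit is then compared against, so the tests only prove that the JS and circom code agree with each other, not that either matches the sage-generated reference for 35 partial rounds. Since this commit changes the hash output for every existing caller, it is worth pinning at least one vector produced independently by the sage script, with a comment such as `// reference value from <sage script> for t=3, R_F=8, R_P=35`, so an error in the constants export or the round schedule is caught rather than reproduced on both sides. The hex form is fine, but `hash.toString(16)` is not zero-padded, so an output with a leading zero nibble would fail the string comparison; compare BigInt values or pad to 64 digits before comparing.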