Use 35 partial rounds for the Poseidon hash; update the Poseidon constants from the sage script for 35 rounds

(cherry picked from commit afb4eff954c6a43f3b30c0792459416a26f1cf3f)
poma 2020-10-27 13:23:41 +03:00
parent f4e209728e
commit d20d53411d
GPG Key ID: BA20CB01FE165657
5 changed files with 686 additions and 3478 deletions

@ -43,10 +43,9 @@ template Poseidon(nInputs) {
// Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8) // Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8)
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py // Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t // And rounded up to nearest integer that divides by t
var N_ROUNDS_P[8] = [56, 57, 56, 60, 60, 63, 64, 63];
var t = nInputs + 1; var t = nInputs + 1;
var nRoundsF = 8; var nRoundsF = 8;
var nRoundsP = N_ROUNDS_P[t - 2]; var nRoundsP = 35;
var C[t*(nRoundsF + nRoundsP)] = POSEIDON_C(t); var C[t*(nRoundsF + nRoundsP)] = POSEIDON_C(t);
var M[t][t] = POSEIDON_M(t); var M[t][t] = POSEIDON_M(t);
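Review bot: The comment block above `var nRoundsP = 35;` still says the round counts are the whitepaper's recommended parameters generated by calc_round_numbers.py and rounded up to a multiple of t, but the new code uses a fixed 35 partial rounds for every width while the removed table held values between 56 and 64 for these widths. Either the comment or the constant is now misleading; the comment should say where 35 comes from and which security level it was computed for, e.g. `// Partial rounds fixed at 35 for all t, derived from <sage script> for <target security level>; see commit message`. The same stale comment pair (`// Generated by ...` / `// And rounded up ...`) is carried unchanged in poseidon.js in this commit. The enclosing `template Poseidon(nInputs)` starts before the hunk.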


@ -14,22 +14,21 @@ const { C, M } = unstringifyBigInts(require("./poseidon_constants.json"));
// Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py // Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
// And rounded up to nearest integer that divides by t // And rounded up to nearest integer that divides by t
const N_ROUNDS_F = 8; const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63]; const N_ROUNDS_P = 35;
const pow5 = a => F.mul(a, F.square(F.square(a, a))); const pow5 = a => F.mul(a, F.square(F.square(a, a)));
function poseidon(inputs) { function poseidon(inputs) {
assert(inputs.length > 0); assert(inputs.length > 0);
assert(inputs.length < N_ROUNDS_P.length - 1); assert(inputs.length < 5);
const t = inputs.length + 1; const t = inputs.length + 1;
const nRoundsF = N_ROUNDS_F; const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2]; const nRoundsP = N_ROUNDS_P;
let state = [...inputs.map(a => F.e(a)), F.zero]; let state = [...inputs.map(a => F.e(a)), F.zero];
for (let r = 0; r < nRoundsF + nRoundsP; r++) { for (let r = 0; r < nRoundsF + nRoundsP; r++) {
state = state.map((a, i) => F.add(a, C[t - 2][r * t + i])); state = state.map((a, i) => F.add(a, BigInt(C[t - 2][r * t + i])));
if (r < nRoundsF / 2 || r >= nRoundsF / 2 + nRoundsP) { if (r < nRoundsF / 2 || r >= nRoundsF / 2 + nRoundsP) {
state = state.map(a => pow5(a)); state = state.map(a => pow5(a));
} else { } else {
@ -39,7 +38,7 @@ function poseidon(inputs) {
// no matrix multiplication in the last round // no matrix multiplication in the last round
if (r < nRoundsF + nRoundsP - 1) { if (r < nRoundsF + nRoundsP - 1) {
state = state.map((_, i) => state = state.map((_, i) =>
state.reduce((acc, a, j) => F.add(acc, F.mul(M[t - 2][j][i], a)), F.zero) state.reduce((acc, a, j) => F.add(acc, F.mul(BigInt(M[t - 2][j][i]), a)), F.zero)
); );
} }
} }
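Review bot: The new guard `assert(inputs.length < 5)` is a bare literal where the old bound was derived from the constants table, so nothing ties the accepted widths to what poseidon_constants.json actually holds; an input count the JSON does not cover would only fail later when `C[t - 2]` is undefined. Since `C` is indexed by `t - 2` on the following lines, a bound taken from the table keeps them in sync: `assert(inputs.length <= C.length);` (assuming C in the regenerated JSON is an array indexed by width, as that indexing suggests — confirm). The added `BigInt(...)` wrapping around `C[...]` and `M[...]`, after the values already pass through `unstringifyBigInts`, suggests the regenerated JSON stores the constants in a different form than before; a one-line comment on `const { C, M } = ...` stating the file's format would save the next reader the guess. The body of poseidon continues past the hunk.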


@ -9,9 +9,12 @@ const Web3Utils = require("web3-utils");
const { C:K, M } = unstringifyBigInts(require("./poseidon_constants.json")); const { C:K, M } = unstringifyBigInts(require("./poseidon_constants.json"));
const N_ROUNDS_F = 8; const N_ROUNDS_F = 8;
const N_ROUNDS_P = [56, 57, 56, 60, 60, 63, 64, 63]; const N_ROUNDS_P = 35;
function toHex256(a) { function toHex256(a) {
if (typeof a === "string" && a.startsWith("0x")) {
return a;
}
let S = a.toString(16); let S = a.toString(16);
while (S.length < 64) S="0"+S; while (S.length < 64) S="0"+S;
return "0x" + S; return "0x" + S;
@ -19,10 +22,10 @@ function toHex256(a) {
function createCode(nInputs) { function createCode(nInputs) {
if (( nInputs<1) || (nInputs>8)) throw new Error("Invalid number of inputs. Must be 1<=nInputs<=8"); if (( nInputs<1) || (nInputs>4)) throw new Error("Invalid number of inputs. Must be 1<=nInputs<=8");
const t = nInputs + 1; const t = nInputs + 1;
const nRoundsF = N_ROUNDS_F; const nRoundsF = N_ROUNDS_F;
const nRoundsP = N_ROUNDS_P[t - 2]; const nRoundsP = N_ROUNDS_P;
const C = new Contract(); const C = new Contract();
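Review bot: The new early return in toHex256 hands back any string starting with "0x" unchanged, skipping the zero-padding to 64 hex digits that every other input receives, so a short 0x string yields a narrower value than the function name promises; if the generated code relies on 32-byte constants (likely given the name — confirm), that changes the emitted bytecode. Normalising the prefix instead of returning early keeps the padding: `let S = (typeof a === "string" && a.startsWith("0x")) ? a.slice(2) : a.toString(16);` followed by the existing padding loop and `return "0x" + S;`. Separately, the range check in createCode now rejects `nInputs>4` but the message still reads `"Must be 1<=nInputs<=8"`; change it to `"Invalid number of inputs. Must be 1<=nInputs<=4"`. createCode continues outside the hunk.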