17 releases (9 breaking)
new 0.22.1 | Nov 22, 2023 |
---|---|
0.21.0 | Jun 28, 2023 |
0.20.0 | Oct 26, 2022 |
0.18.0-rc.0 | Feb 24, 2022 |
0.15.0-pre.0 | Mar 22, 2021 |
#1425 in Cryptography
883 downloads per month
Used in 11 crates
(via dusk-poseidon)
61KB
370 lines
Hades252
Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.
Documentation
To generate the Hades252
documentation:
make doc
make doc-internal
Use
To import Hades252
, add the following to the dependencies section of your project's Cargo.toml
:
dusk-hades = "0.16.0"
Hades252
has a width
equals to 5
; it's possible to use a different value,
see How to generate the assets.
Parameters
-
p =
0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
-
Security level is 117 -120 bits of security [NCCG] bits.
-
width = 5
-
Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end, where each full round has
WIDTH
quintic S-Boxes. -
Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.
-
Number of round constants = 960
Example for ScalarStrategy
use dusk_bls12_381::BlsScalar;
use dusk_hades::{ScalarStrategy, Strategy, WIDTH};
// Generate the inputs that will permute.
// The number of values we can input is equivalent to `WIDTH`
let input = vec![BlsScalar::from(1u64); dusk_hades::WIDTH];
let mut output = input.clone();
let mut strategy = ScalarStrategy::new();
strategy.perm(output.as_mut_slice());
assert_ne!(&input, &output);
assert_eq!(input.len(), output.len());
Example for GadgetStrategy
// Proving that we know the pre-image of a hades-252 hash.
use dusk_hades::{GadgetStrategy, Strategy, WIDTH};
use dusk_plonk::prelude::*;
// Setup OG params.
const CAPACITY: usize = 1 << 10;
let public_parameters = PublicParameters::setup(CAPACITY, &mut rand::thread_rng()).unwrap();
let (ck, vk) = public_parameters.trim(CAPACITY).unwrap();;
// Gen inputs
let mut inputs = [BlsScalar::one(); WIDTH];
let mut prover = Prover::new(b"Hades_Testing");
// Generate the witness data
let mut composer = prover.composer_mut();
let zero = TurboComposer::constant_zero();
let mut witness = [zero; WIDTH];
witness.iter_mut()
.zip(inputs.iter())
.for_each(|(w, i)| *w = composer.append_witness(*i));
// Perform the permutation in the circuit
GadgetStrategy::gadget(prover.composer_mut(), &mut witness);
// Now your composer has been filled with a hades permutation
// inside.
// Now you can build your proof or keep extending your circuit.
Deviations
-
Round constants for the full rounds are generated following: https://extgit.iaik.tugraz.at/krypto/hadesmimc/blob/master/code/calc_round_numbers.py
-
The MDS matrix is a cauchy matrix, the method used to generate it, is noted in section "Concrete Instantiations Poseidon and Starkad"
Reference
Dependencies
~1.6–2.5MB
~58K SLoC