Lib.rs

Cryptography
#zero-knowledge #crypto

no-std dusk-hades

Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field

by Kevaundray Wedderburn, Matteo Ferretti, Victor Lopes, Carlos Pérez. Owned by Dusk Network.

17 releases (9 breaking)

new 0.22.1 Nov 22, 2023
0.21.0 Jun 28, 2023
0.20.0 Oct 26, 2022
0.18.0-rc.0 Feb 24, 2022
0.15.0-pre.0 Mar 22, 2021

#1425 in Cryptography

Download history 143/week @ 2023-08-06 100/week @ 2023-08-13 95/week @ 2023-08-20 109/week @ 2023-08-27 125/week @ 2023-09-03 90/week @ 2023-09-10 84/week @ 2023-09-17 121/week @ 2023-09-24 153/week @ 2023-10-01 381/week @ 2023-10-08 342/week @ 2023-10-15 330/week @ 2023-10-22 203/week @ 2023-10-29 289/week @ 2023-11-05 177/week @ 2023-11-12 192/week @ 2023-11-19

883 downloads per month
Used in 11 crates (via dusk-poseidon)

MPL-2.0 license

61KB
370 lines

Build Status Repository Documentation

Hades252

Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.

Documentation

To generate the Hades252 documentation:

make doc
make doc-internal

Use

To import Hades252, add the following to the dependencies section of your project's Cargo.toml:

dusk-hades = "0.16.0"

Hades252 has a width equals to 5; it's possible to use a different value, see How to generate the assets.

Parameters

  • p = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001

  • Security level is 117 -120 bits of security [NCCG] bits.

  • width = 5

  • Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end, where each full round has WIDTH quintic S-Boxes.

  • Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.

  • Number of round constants = 960

Example for ScalarStrategy

use dusk_bls12_381::BlsScalar;
use dusk_hades::{ScalarStrategy, Strategy, WIDTH};

// Generate the inputs that will permute.
// The number of values we can input is equivalent to `WIDTH`

let input = vec![BlsScalar::from(1u64); dusk_hades::WIDTH];
let mut output = input.clone();

let mut strategy = ScalarStrategy::new();
strategy.perm(output.as_mut_slice());

assert_ne!(&input, &output);
assert_eq!(input.len(), output.len());

Example for GadgetStrategy

// Proving that we know the pre-image of a hades-252 hash.
use dusk_hades::{GadgetStrategy, Strategy, WIDTH};
use dusk_plonk::prelude::*;

// Setup OG params.
const CAPACITY: usize = 1 << 10;

let public_parameters = PublicParameters::setup(CAPACITY, &mut rand::thread_rng()).unwrap();
let (ck, vk) = public_parameters.trim(CAPACITY).unwrap();;

// Gen inputs
let mut inputs = [BlsScalar::one(); WIDTH];

let mut prover = Prover::new(b"Hades_Testing");

// Generate the witness data
let mut composer = prover.composer_mut();
let zero = TurboComposer::constant_zero();

let mut witness = [zero; WIDTH];
witness.iter_mut()
    .zip(inputs.iter())
    .for_each(|(w, i)| *w = composer.append_witness(*i));

// Perform the permutation in the circuit
GadgetStrategy::gadget(prover.composer_mut(), &mut witness);

// Now your composer has been filled with a hades permutation
// inside.
// Now you can build your proof or keep extending your circuit.

Deviations

Reference

https://eprint.iacr.org/2019/458.pdf

Dependencies

~1.6–2.5MB
~58K SLoC