#cryptography #zero-knowledge #crypto

nightly no-std dusk-hades

Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field

6 releases (3 breaking)

new 0.16.0-rc.1 May 3, 2021
0.16.0-rc.0 Apr 28, 2021
0.15.0 Apr 6, 2021
0.15.0-pre.0 Mar 22, 2021
0.13.0 Feb 11, 2021

#673 in Algorithms

Download history 53/week @ 2021-02-05 150/week @ 2021-02-12 120/week @ 2021-02-19 54/week @ 2021-02-26 41/week @ 2021-03-05 108/week @ 2021-03-12 89/week @ 2021-03-19 50/week @ 2021-03-26 161/week @ 2021-04-02 38/week @ 2021-04-09 21/week @ 2021-04-16 176/week @ 2021-04-23 361/week @ 2021-04-30

390 downloads per month
Used in 4 crates (via dusk-poseidon)

MPL-2.0 license

53KB
370 lines

Build Status Repository Documentation

Hades252

Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.

Documentation

To generate the Hades252 documentation:

make doc
make doc-internal

Use

To import Hades252, add the following to the dependencies section of your project's Cargo.toml:

dusk-hades = "0.16.0"

Hades252 has a width equals to 5; it's possible to use a different value, see How to generate the assets.

Parameters

  • p = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001

  • Security level is 117 -120 bits of security [NCCG] bits.

  • width = 5

  • Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end, where each full round has WIDTH quintic S-Boxes.

  • Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.

  • Number of round constants = 960

Example with permutation of scalars using the ScalarStrategy

use dusk_hades::{ScalarStrategy, Strategy, WIDTH};
use dusk_plonk::bls12_381::BlsScalar;

// Generate the inputs that will permute.
// The number of values we can input is equivalent to `WIDTH`

let input = vec![BlsScalar::from(1u64); dusk_hades::WIDTH];
let mut strategy = ScalarStrategy::new();
#
let mut output = input.clone();
strategy.perm(output.as_mut_slice());

assert_ne!(&input, &output);
assert_eq!(input.len(), output.len());

Example with permutation of Variables using the GadgetStrategy

// Proving that we know the pre-image of a hades-252 hash.
use dusk_hades::{GadgetStrategy, Strategy, WIDTH};
use dusk_plonk::prelude::*;

// Setup OG params.
const CAPACITY: usize = 1 << 7;
let public_parameters = PublicParameters::setup(CAPACITY, &mut rand::thread_rng()).unwrap();
let (ck, vk) = public_parameters.trim(CAPACITY).unwrap();;

// Gen composer
let mut composer = StandardComposer::new();

// Gen inputs
let mut inputs = [BlsScalar::one(); WIDTH];

let mut prover = Prover::new(b"Hades_Testing");

// Generate the witness data
let mut composer = prover.mut_cs();
let zero = composer.add_input(BlsScalar::zero());
let mut witness = [zero; WIDTH];
witness.iter_mut()
    .zip(inputs.iter())
    .for_each(|(w, i)| *w = composer.add_input(*i));

// Perform the permutation in the circuit
GadgetStrategy::hades_gadget(prover.mut_cs(), &mut witness);

// Now your composer has been filled with a hades permutation
// inside.
// Now you can build your proof or keep extending your circuit.

Deviations

Reference

https://eprint.iacr.org/2019/458.pdf

Dependencies

~2.3–3.5MB
~72K SLoC