/*******************************************************************************
* Poseidon is a hash function explained in https://eprint.iacr.org/2019/458
* It requires the following parameters, with p a prime defining a prime field.
* alpha = smallest integer such that gcd(alpha, p - 1) = 1, so that x -> x^alpha
*         is a permutation of the field (gcd with p itself is trivially 1).
* m = number of field elements in the state of the hash function.
* N = number of rounds the hash function performs on each digest.
* For m = r + c, the sponge absorbs (via field addition) and squeezes r field
* elements per iteration; the capacity c sets the security level, roughly
* c * log2(p) / 2 bits.
* For our p (defined in crypto.c), we have alpha = 11, m = 3, r = 1, c = 2.
*
* Poseidon splits the full rounds into two, putting half before the partial
* rounds are run, and the other half after. We have:
* full rounds = 8
* partial = 30,
* meaning that the rounds total 38.
* poseidon.c handles splitting the partial rounds in half and execution order.
********************************************************************************/
#pragma once
#include "crypto.h"
/* Variant selectors.  From the names and the uint8_t width they are
 * presumably the values for the `type` argument of poseidon_init() and the
 * PoseidonCtx.type field -- confirm against poseidon.c. */
#define POSEIDON_LEGACY 0x00
#define POSEIDON_KIMCHI 0x01
/* Upper bound on the sponge width m.  State is sized by this constant, so a
 * runtime sponge_width larger than it would overrun the state array.  The
 * header comment's m = 3 is within this bound.
 * NOTE(review): presumably poseidon_init() rejects widths above this limit;
 * verify in poseidon.c, since nothing in this header enforces it. */
#define MAX_SPONGE_WIDTH 5
/* Sponge state: MAX_SPONGE_WIDTH field elements (Field comes from crypto.h). */
typedef Field State[MAX_SPONGE_WIDTH];
/*
 * Poseidon sponge context.
 *
 * Holds the running sponge state together with the parameter set chosen at
 * poseidon_init() time.  The round-key and MDS tables are referenced, not
 * copied, so they must outlive the context.
 *
 * NOTE(review): this header declares no wipe/finalize routine.  Whether
 * poseidon_digest() resets the context is not visible here; callers hashing
 * sensitive material should clear the context themselves (e.g. explicit_bzero)
 * and re-run poseidon_init() before reuse -- confirm in poseidon.c.
 */
typedef struct poseidon_context_t {
    State state;                /* sponge lanes; presumably only the first sponge_width are used -- verify */
    size_t absorbed;            /* presumably the count of rate elements absorbed since the last permutation -- confirm */
    size_t sponge_width;        /* m: lanes in use; must not exceed MAX_SPONGE_WIDTH (state[] is that size) */
    size_t sponge_rate;         /* r: elements absorbed/squeezed per permutation; capacity is sponge_width - sponge_rate */
    size_t full_rounds;         /* number of full rounds (the header comment lists 8) */
    uint8_t sbox_alpha;         /* S-box exponent alpha in x -> x^alpha */
    uint8_t type;               /* variant selector; presumably POSEIDON_LEGACY or POSEIDON_KIMCHI */
    const Field ***round_keys;  /* round-constant table; only the innermost Field is const, and the
                                 * indexing order (round / lane) is not visible here -- see poseidon.c */
    const Field **mds_matrix;   /* MDS matrix; presumably sponge_width x sponge_width -- verify */
    void (*permutation)(struct poseidon_context_t *);  /* applies the permutation to state; presumably
                                                        * selected per variant by poseidon_init() */
} PoseidonCtx;
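/*
 * Public API.  Top-level `const` on by-value parameters is a definition-side
 * detail and is omitted from the prototypes; the declarations remain
 * type-compatible with definitions that keep it.
 */

/**
 * Initialize @p ctx for the Poseidon variant selected by @p type.
 *
 * @param ctx         context to initialize; must be non-NULL.
 * @param type        variant selector, presumably POSEIDON_LEGACY or
 *                    POSEIDON_KIMCHI (inferred from the macro names).
 * @param network_id  network selector; how it influences the parameter set
 *                    is not visible in this header -- see poseidon.c.
 * @return true on success.  NOTE(review): presumably false for an unknown
 *         @p type / @p network_id -- callers must check the result, since
 *         the context is not usable otherwise.
 */
bool poseidon_init(PoseidonCtx *ctx, uint8_t type, uint8_t network_id);

/**
 * Absorb field elements into the sponge.
 *
 * @param ctx    an initialized context.
 * @param input  array of field elements to absorb.
 * @param len    number of elements in @p input (element count, not bytes --
 *               assumption from the `const Field *` type; confirm).
 */
void poseidon_update(PoseidonCtx *ctx, const Field *input, size_t len);

/**
 * Squeeze the digest.
 *
 * @param out  receives the digest (Scalar is defined in crypto.h).
 * @param ctx  context to squeeze from.  NOTE(review): whether the context is
 *             reset or may be squeezed again is not visible here; treat it as
 *             finished and re-run poseidon_init() before reuse.
 */
void poseidon_digest(Scalar out, PoseidonCtx *ctx);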