-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split permutation from sponge construction #93
Comments
This was referenced Oct 4, 2021
hdevalence
referenced
this issue
in penumbra-zone/sponge
Oct 19, 2021
Work towards #29; this doesn't touch the constraint system implementation yet, in order to be able to get design feedback on the software part. - The `poseidon::PoseidonParameters` struct is renamed to `poseidon::Parameters` but otherwise remains unchanged. - The `poseidon::PoseidonSpongeState` struct is renamed to `poseidon::State` and redefined to hold just the state itself, as well as the parameters needed to run the permutation. It exposes a `permute(&mut self)` method, `rate()` and `capacity()` accessors, as well as `Index`, `IndexMut`, `AsRef`, and `AsMut` impls that allow access to the state. - The `poseidon::PoseidonSponge` struct is renamed to `poseidon::Sponge` and holds a `State` and a `DuplexSpongeMode`. In other words, it consists of the state, together with the extra data tracking how that state is being used to implement a higher-level duplex construction. - The `CryptographicSponge` trait is changed so that `new()` takes an owned, `Self::Parameters`, not a borrowed one. This allows the caller to decide where to copy data, instead of forcing the sponge implementation to clone internally. Or, a `CryptographicSponge` implementation could declare the associated `Parameters` type to be some shared type (like an `Arc` wrapper) that avoids the need to copy at all. - The `SpongeExt` trait that allows converting back and forth between a state and a sponge is deleted; it's not safe to pass between abstraction layers that way.
5 tasks
hdevalence
referenced
this issue
in penumbra-zone/poseidon377
Oct 20, 2021
This uses the API changes from: - https://github.com/arkworks-rs/sponge/issues/29 - arkworks-rs/sponge#30 to avoid working through the Arkworks sponge interface, and do hashing using the permutation directly.
hdevalence
referenced
this issue
in penumbra-zone/poseidon377
Oct 20, 2021
This uses the API changes from: - https://github.com/arkworks-rs/sponge/issues/29 - arkworks-rs/sponge#30 to avoid working through the Arkworks sponge interface, and do hashing using the permutation directly.
hdevalence
referenced
this issue
in penumbra-zone/poseidon377
Oct 20, 2021
This uses the API changes from: - https://github.com/arkworks-rs/sponge/issues/29 - arkworks-rs/sponge#30 to avoid working through the Arkworks sponge interface, and do hashing using the permutation directly.
hdevalence
referenced
this issue
in penumbra-zone/poseidon377
Oct 20, 2021
This uses the API changes from: - https://github.com/arkworks-rs/sponge/issues/29 - arkworks-rs/sponge#30 to avoid working through the Arkworks sponge interface, and do hashing using the permutation directly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
I think it would be useful to split the current API into two parts, a lower-level part with access to the "raw" permutation, and a higher-level part with a sponge or other duplex construction.
Problem Definition
Currently, it's not possible for API clients to use the permutation directly, only via the provided sponge construction. This presents some difficulties:
For fixed-size hashing, users have to figure out how to specify the hashing behavior they want in terms of the duplex operations, instead of being able to write it directly. This makes it more likely that the code will include some behavior accidentally derived from the initial implementation choice.
It's not possible for users to implement any other duplex modes than what's already provided, or to implement duplex behavior that's differently specified than the provided one. For instance, the current implementation puts the capacity at the end of the state, but other instantiations of Poseidon hashing, like the C2SP proposal Poseidon sponge construction C2SP/C2SP#3 , put it at the beginning.
Proposal
Rework the current structures as follows:
PoseidonParameters
: remains unchanged.1PoseidonSpongeState
: renamed toPoseidonState
, and redefined asIn other words, the state structure includes the field elements in the state, as well as the parameters needed to run the permutation. The
permute
function is moved to apub fn permute(&mut self)
onPoseidonState
.PoseidonSponge
: redefined asIn other words, the sponge structure consists of a state, together with the extra data tracking how that state is being used to implement a higher-level duplex construction.
This allows providing two levels of API: a lower-level API that provides precise control over the permutation, and a higher-level API that provides a duplex or other construction. Users who want to have more "batteries included" functionality can use the higher-level construction, but it's possible to implement other constructions using the lower-level API.
For Admin Use
Footnotes
the doc comment about "and RNG used" should be eliminated, correct? I don't see any use of an RNG in the public API. ↩
The text was updated successfully, but these errors were encountered: