poseidon hash #12
Walkthrough: The project has enriched its documentation with the Poseidon Hasher, a sophisticated hashing mechanism leveraging sponge construction and HadesMiMC. Updates include enhanced scripts and implementations for Poseidon and Starkad, addressing bugs and improving calculations, along with new tools for computations and testing.
Actionable comments posted: 1
Out of diff range and nitpick comments (3)
README.md (3)
Line range hint 4-4: Consider revising the phrase "research of:" to avoid grammatical issues.
- A single repository that hosts my "in-code" research of: protocols, ZK, cryptography, rust etc.
+ A single repository that hosts my "in-code" research on protocols, ZK, cryptography, rust, etc.
Line range hint 6-6: Add a blank line after the heading "Browsing the codebase" for better readability and to adhere to Markdown best practices.
## Browsing the codebase
+
The codebase is mostly split into different directories depending on the specific ideas that they tackle.
Line range hint 13-13: Add a blank line after the heading "References" for better readability and to adhere to Markdown best practices.
## References
+
- **\[Sha97\]**: Shamir's secret sharing https://apps.dtic.mil/sti/pdfs/ADA069397.pdf.
Actionable comments posted: 25
| def print_words_to_hex(words): | ||
| hex_length = int(ceil(float(n) / 4)) + 2 # +2 for "0x" | ||
| print(["{0:#0{1}x}".format(entry.integer_representation(), hex_length) for entry in words]) | ||
|
|
||
| def print_concat_words_to_large(words): | ||
| hex_length = int(ceil(float(n) / 4)) | ||
| nums = ["{0:0{1}x}".format(entry.integer_representation(), hex_length) for entry in words] | ||
| final_string = "0x" + ''.join(nums) | ||
| print(final_string) |
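Review bot: `hex_length` in both `print_words_to_hex` and `print_concat_words_to_large` reads `n` from module scope rather than from a parameter, so the printed width silently depends on whatever global `n` holds at call time and the helpers cannot be reused for a second field size in the same run. Pass the bit length explicitly (`def print_words_to_hex(words, n):`) or derive it from the field of the entries. `int(ceil(float(n) / 4))` also takes a float round trip that integer arithmetic avoids: `-(-n // 4)` gives the same ceiling.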
Consider refactoring the list comprehensions in print_words_to_hex and print_concat_words_to_large for better readability and maintainability.
| if len(sys.argv) < 8: | ||
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <alpha> <security_level> <modulus_hex>") | ||
| print("field = 1 for GF(p)") | ||
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | ||
| exit() |
Ensure proper error handling for incorrect command-line arguments.
- exit()
+ sys.exit("Error: Incorrect usage of the script.")
This change ensures that the script exits with an appropriate error message, improving the user experience by providing clear feedback on what went wrong.
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.
| if len(sys.argv) < 8: | |
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <alpha> <security_level> <modulus_hex>") | |
| print("field = 1 for GF(p)") | |
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | |
| exit() | |
| if len(sys.argv) < 8: | |
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <alpha> <security_level> <modulus_hex>") | |
| print("field = 1 for GF(p)") | |
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | |
| sys.exit("Error: Incorrect usage of the script.") |
| # In Hex that is `0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001` | ||
| # So, the following command should work: | ||
| # sage generate_params_poseidon.sage 1 0 255 3 3 128 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001 | ||
| write_file = True |
Consider making the write_file flag configurable via command-line arguments.
This would enhance the flexibility of the script, allowing users to decide at runtime whether they want to write the output to a file or not.
| def sat_inequiv_alpha(p, t, R_F, R_P, alpha, M): | ||
| N = int(FIELD_SIZE * NUM_CELLS) | ||
|
|
||
| if alpha > 0: | ||
| R_F_1 = 6 if M <= ((floor(log(p, 2) - ((alpha-1)/2.0))) * (t + 1)) else 10 # Statistical | ||
| R_F_2 = 1 + ceil(log(2, alpha) * min(M, FIELD_SIZE)) + ceil(log(t, alpha)) - R_P # Interpolation | ||
| R_F_3 = (log(2, alpha) * min(M, log(p, 2))) - R_P # Groebner 1 | ||
| R_F_4 = t - 1 + log(2, alpha) * min(M / float(t + 1), log(p, 2) / float(2)) - R_P # Groebner 2 | ||
| R_F_5 = (t - 2 + (M / float(2 * log(alpha, 2))) - R_P) / float(t - 1) # Groebner 3 | ||
| R_F_max = max(ceil(R_F_1), ceil(R_F_2), ceil(R_F_3), ceil(R_F_4), ceil(R_F_5)) | ||
|
|
||
| # Addition due to https://eprint.iacr.org/2023/537.pdf | ||
| r_temp = floor(t / 3.0) | ||
| over = (R_F - 1) * t + R_P + r_temp + r_temp * (R_F / 2.0) + R_P + alpha | ||
| under = r_temp * (R_F / 2.0) + R_P + alpha | ||
| binom_log = log(binomial(over, under), 2) | ||
| if binom_log == inf: | ||
| binom_log = M + 1 | ||
| cost_gb4 = ceil(2 * binom_log) # Paper uses 2.3727, we are more conservative here | ||
|
|
||
| return ((R_F >= R_F_max) and (cost_gb4 >= M)) | ||
| else: | ||
| print("Invalid value for alpha!") | ||
| exit(1) |
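Review bot: `N = int(FIELD_SIZE * NUM_CELLS)` at the top of `sat_inequiv_alpha` is never used in the function (every bound below works from the `t` parameter and `FIELD_SIZE`), so it only pulls another module global into the function for nothing; drop it. In the same function, `exit(1)` inside a predicate that the round search calls in a loop terminates the whole process on a bad `alpha` instead of letting the caller handle it; raising `ValueError("Invalid value for alpha!")` keeps the check and leaves the decision to the caller. The comment "Paper uses 2.3727, we are more conservative here" is right in direction, since a smaller linear-algebra exponent estimates a cheaper Gröbner attack and so demands more rounds, but a short note on why 2 was picked would save the next reader from re-deriving that.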
Refactor the sat_inequiv_alpha function to improve readability and maintainability.
- if alpha > 0:
+ if alpha <= 0:
+ print("Invalid value for alpha!")
+ sys.exit(1)
+ # Rest of the code remains unchanged
This change makes the function's flow easier to follow by handling the error case first and reducing the nesting of the main logic.
Committable suggestion
| def sat_inequiv_alpha(p, t, R_F, R_P, alpha, M): | |
| N = int(FIELD_SIZE * NUM_CELLS) | |
| if alpha > 0: | |
| R_F_1 = 6 if M <= ((floor(log(p, 2) - ((alpha-1)/2.0))) * (t + 1)) else 10 # Statistical | |
| R_F_2 = 1 + ceil(log(2, alpha) * min(M, FIELD_SIZE)) + ceil(log(t, alpha)) - R_P # Interpolation | |
| R_F_3 = (log(2, alpha) * min(M, log(p, 2))) - R_P # Groebner 1 | |
| R_F_4 = t - 1 + log(2, alpha) * min(M / float(t + 1), log(p, 2) / float(2)) - R_P # Groebner 2 | |
| R_F_5 = (t - 2 + (M / float(2 * log(alpha, 2))) - R_P) / float(t - 1) # Groebner 3 | |
| R_F_max = max(ceil(R_F_1), ceil(R_F_2), ceil(R_F_3), ceil(R_F_4), ceil(R_F_5)) | |
| # Addition due to https://eprint.iacr.org/2023/537.pdf | |
| r_temp = floor(t / 3.0) | |
| over = (R_F - 1) * t + R_P + r_temp + r_temp * (R_F / 2.0) + R_P + alpha | |
| under = r_temp * (R_F / 2.0) + R_P + alpha | |
| binom_log = log(binomial(over, under), 2) | |
| if binom_log == inf: | |
| binom_log = M + 1 | |
| cost_gb4 = ceil(2 * binom_log) # Paper uses 2.3727, we are more conservative here | |
| return ((R_F >= R_F_max) and (cost_gb4 >= M)) | |
| else: | |
| print("Invalid value for alpha!") | |
| exit(1) | |
| def sat_inequiv_alpha(p, t, R_F, R_P, alpha, M): | |
| N = int(FIELD_SIZE * NUM_CELLS) | |
| if alpha <= 0: | |
| print("Invalid value for alpha!") | |
| sys.exit(1) | |
| R_F_1 = 6 if M <= ((floor(log(p, 2) - ((alpha-1)/2.0))) * (t + 1)) else 10 # Statistical | |
| R_F_2 = 1 + ceil(log(2, alpha) * min(M, FIELD_SIZE)) + ceil(log(t, alpha)) - R_P # Interpolation | |
| R_F_3 = (log(2, alpha) * min(M, log(p, 2))) - R_P # Groebner 1 | |
| R_F_4 = t - 1 + log(2, alpha) * min(M / float(t + 1), log(p, 2) / float(2)) - R_P # Groebner 2 | |
| R_F_5 = (t - 2 + (M / float(2 * log(alpha, 2))) - R_P) / float(t - 1) # Groebner 3 | |
| R_F_max = max(ceil(R_F_1), ceil(R_F_2), ceil(R_F_3), ceil(R_F_4), ceil(R_F_5)) | |
| # Addition due to https://eprint.iacr.org/2023/537.pdf | |
| r_temp = floor(t / 3.0) | |
| over = (R_F - 1) * t + R_P + r_temp + r_temp * (R_F / 2.0) + R_P + alpha | |
| under = r_temp * (R_F / 2.0) + R_P + alpha | |
| binom_log = log(binomial(over, under), 2) | |
| if binom_log == inf: | |
| binom_log = M + 1 | |
| cost_gb4 = ceil(2 * binom_log) # Paper uses 2.3727, we are more conservative here | |
| return ((R_F >= R_F_max) and (cost_gb4 >= M)) |
|
|
||
|
|
||
| # This file was *autogenerated* from the file generate_params_poseidon.sage | ||
| from sage.all_cmdline import * # import sage library |
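Review bot: the header states that this `.py` file was autogenerated from `generate_params_poseidon.sage`, so any hand edit to it, including a narrowed import list, is lost the next time the `.sage` file is preparsed. Either make the change in the `.sage` source and regenerate, or stop committing the generated file and produce it as a build step; committing both invites the two copies to drift apart.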
Consider using specific imports instead of wildcard imports to improve code clarity and avoid namespace pollution.
- from sage.all_cmdline import * # import sage library
+ from sage.all_cmdline import Integer, RealNumber, GF, matrix, VectorSpace, floor, ceil, log, binomial
Committable suggestion
| from sage.all_cmdline import * # import sage library | |
| from sage.all_cmdline import Integer, RealNumber, GF, matrix, VectorSpace, floor, ceil, log, binomial |
| @@ -0,0 +1,145 @@ | |||
| from math import * | |||
Avoid using from math import * as it can lead to namespace pollution and make it harder to identify where functions come from.
- from math import *
+ import math
Committable suggestion
| from math import * | |
| import math |
| @@ -0,0 +1,145 @@ | |||
| from math import * | |||
| import sys | |||
The sys module is imported but not used in this file. Consider removing the import if it's unnecessary.
- import sys
Committable suggestion
| import sys |
| for R_P_t in range(1, 500): | ||
| for R_F_t in range(4, 100): | ||
| if R_F_t % 2 == 0: | ||
| if (sat_inequiv(p, t, R_F_t, R_P_t, alpha, M) == True): |
Avoid comparing boolean expressions to True. Use the expression directly in the if statement.
- if (sat_inequiv(p, t, R_F_t, R_P_t, alpha, M) == True):
+ if sat_inequiv(p, t, R_F_t, R_P_t, alpha, M):
Committable suggestion
| if (sat_inequiv(p, t, R_F_t, R_P_t, alpha, M) == True): | |
| if sat_inequiv(p, t, R_F_t, R_P_t, alpha, M): |
| @@ -0,0 +1,373 @@ | |||
| # Remark: This script contains functionality for GF(2^n), but currently works only over GF(p)! A few small adaptations are needed for GF(2^n). | |||
Clarify the remark about the script's functionality and the needed adaptations for GF(2^n). This helps future developers understand the limitations and required changes.
Would you like me to help document these adaptations or open a GitHub issue to track this task?
| if len(sys.argv) < 7: | ||
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <R_F> <R_P> (<prime_number_hex>)") | ||
| print("field = 1 for GF(p)") | ||
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | ||
| exit() |
The script exits without providing detailed usage instructions if the required arguments are not provided. Consider enhancing the error message to include an example of correct usage.
- print("Usage: <script> <field> <s_box> <field_size> <num_cells> <R_F> <R_P> (<prime_number_hex>)")
+ print("Usage: <script> <field> <s_box> <field_size> <num_cells> <R_F> <R_P> <prime_number_hex>")
+ print("Example: <script> 1 0 255 5 8 60 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001")
Committable suggestion
| if len(sys.argv) < 7: | |
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <R_F> <R_P> (<prime_number_hex>)") | |
| print("field = 1 for GF(p)") | |
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | |
| exit() | |
| if len(sys.argv) < 7: | |
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <R_F> <R_P> <prime_number_hex>") | |
| print("Example: <script> 1 0 255 5 8 60 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001") | |
| print("field = 1 for GF(p)") | |
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | |
| exit() |
Actionable comments posted: 1
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Actionable comments posted: 9
| @@ -0,0 +1,57 @@ | |||
| # Poseidon Hasher | |||
Ensure headings are surrounded by blank lines for proper Markdown formatting.
+#
# Poseidon Hasher
+#
Committable suggestion
| # Poseidon Hasher | |
| # | |
| # Poseidon Hasher | |
| # |
|
|
||
| Poseidon is said to be a variant of *HadesMiMC* construction however with a fixed and known key. | ||
|
|
||
| ## A primer on sponge construction |
Ensure headings are surrounded by blank lines for proper Markdown formatting.
+#
## A primer on sponge construction
+#
Committable suggestion
| ## A primer on sponge construction | |
| # | |
| ## A primer on sponge construction | |
| # |
| - Output $o$ output elements out of the rate part of the state. | ||
| If needed, iterate the permutation more times. | ||
|
|
||
| ## The HADES design strategy |
Ensure headings are surrounded by blank lines for proper Markdown formatting.
+#
## The HADES design strategy
+#
Committable suggestion
| ## The HADES design strategy | |
| ## | |
| ## The HADES design strategy | |
| ## |
| 2. $SBOX$: Application of S-Boxes | ||
| 3. $MIX$: Mix layers | ||
|
|
||
| ## Reference implementation for magic values |
Ensure headings are surrounded by blank lines for proper Markdown formatting.
+#
## Reference implementation for magic values
+#
Committable suggestion
| ## Reference implementation for magic values | |
| ## | |
| ## Reference implementation for magic values | |
| ## |
| This generates `poseidon_params_n255_t3_alpha3_M128.txt` file. Using values in this file, we generate values ingested in the rust code. | ||
|
|
||
|
|
||
| ## References |
Ensure headings are surrounded by blank lines for proper Markdown formatting.
+#
## References
+#
Committable suggestion
| ## References | |
| # | |
| ## References | |
| # |
| 3 # alpha \ | ||
| 128 # security level \ | ||
| 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001 | ||
| ``` |
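Review bot: the documented command passes `3` as `alpha` together with the modulus `0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001`, but `x^alpha` is a permutation of `F_p` only when `gcd(alpha, p-1) = 1`, and this `p` is congruent to 1 mod 3 (16 is 1 mod 3, so `p` mod 3 equals its hex digit sum mod 3, and the 64 hex digits sum to 493 = 3*164 + 1), which makes `p-1` divisible by 3 and `x^3` non-invertible in this field. The `poseidon_params_n255_t3_alpha3_M128.txt` file the README mentions therefore describes a round function that is not a permutation, and the sponge security argument does not apply to it. Use `5` here (`gcd(5, p-1) = 1` for this modulus, which is why the Poseidon paper's BLS12-381 instances use `x^5`), and have the script refuse parameter sets that fail the gcd test instead of writing a file for them.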
Ensure fenced code blocks are surrounded by blank lines for proper Markdown formatting.
+#
sage generate_params_poseidon.sage \
Committable suggestion
| ``` | |
| # | |
| sage generate_params_poseidon.sage \ |
| In this, the $I$ is maintained state that changes over time, $m_x$ are injected values to be hashed and $h_y$ are the output elements. | ||
|
|
||
| General construction looks as follows: | ||
| - Depending on the use case, determine the capacity element value and the input padding if needed. |
Ensure lists are surrounded by blank lines for proper Markdown formatting.
+#
- Depending on the use case, determine the capacity element value and the input padding if needed.
+#
Committable suggestion
| - Depending on the use case, determine the capacity element value and the input padding if needed. | |
| # | |
| # |
|
|
||
| ## The HADES design strategy | ||
| The HADES design strategy consists of: | ||
| - First, $R_f$ rounds in the beginning, in which S-boxes |
Ensure lists are surrounded by blank lines for proper Markdown formatting.
+#
- First, $R_f$ rounds in the beginning, in which S-boxes
+#
Committable suggestion
| - First, $R_f$ rounds in the beginning, in which S-boxes | |
| # | |
| - First, $R_f$ rounds in the beginning, in which S-boxes | |
| # |
|  | ||
|
|
||
| Each such round consists of the following three sub-steps: | ||
| 1. $ARC$: Add round constants |
Ensure lists are surrounded by blank lines for proper Markdown formatting.
+#
1. $ARC$: Add round constants
+#
Committable suggestion
| 1. $ARC$: Add round constants | |
| # | |
| 1. $ARC$: Add round constants | |
| # |
Actionable comments posted: 8
Out of diff range and nitpick comments (1)
README.md (1)
Line range hint 20-20: Remove extra blank lines to maintain clean formatting.
-
-
|
|
||
| - **\[Sha97\]**: Shamir's secret sharing https://apps.dtic.mil/sti/pdfs/ADA069397.pdf. | ||
| - **\[Fel87\]**: Feldman's verifiable secret sharing https://www.zkdocs.com/docs/zkdocs/protocol-primitives/verifiable-secret-sharing/ | ||
| - **\[Sch91\]**: Schnorr's DLog PoK https://www.zkdocs.com/docs/zkdocs/zero-knowledge-protocols/schnorr/ | ||
| - **\[Tho09\]**: Poseidon Hasher https://eprint.iacr.org/2009/226.pdf | ||
|
|
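Review bot: the `[Tho09]` entry links Poseidon to `https://eprint.iacr.org/2009/226.pdf`, while the new README's own References section cites the Poseidon paper as `https://eprint.iacr.org/2019/458.pdf` (Grassi, Khovratovich, Rechberger, Roy and Schofnegger, 2019); the 2009 eprint number and the `Tho09` key do not match that paper. Point this entry at the 2019/458 URL with a key that reflects its authors and year, so the two reference lists agree.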
Add blank lines around the references section for better readability and Markdown formatting.
+#
- **\[Sha97\]**: Shamir's secret sharing https://apps.dtic.mil/sti/pdfs/ADA069397.pdf.
- **\[Fel87\]**: Feldman's verifiable secret sharing https://www.zkdocs.com/docs/zkdocs/protocol-primitives/verifiable-secret-sharing/
- **\[Sch91\]**: Schnorr's DLog PoK https://www.zkdocs.com/docs/zkdocs/zero-knowledge-protocols/schnorr/
- **\[Tho09\]**: Poseidon Hasher https://eprint.iacr.org/2009/226.pdf
+#
Committable suggestion
| - **\[Sha97\]**: Shamir's secret sharing https://apps.dtic.mil/sti/pdfs/ADA069397.pdf. | |
| - **\[Fel87\]**: Feldman's verifiable secret sharing https://www.zkdocs.com/docs/zkdocs/protocol-primitives/verifiable-secret-sharing/ | |
| - **\[Sch91\]**: Schnorr's DLog PoK https://www.zkdocs.com/docs/zkdocs/zero-knowledge-protocols/schnorr/ | |
| - **\[Tho09\]**: Poseidon Hasher https://eprint.iacr.org/2009/226.pdf | |
| - **\[Sha97\]**: Shamir's secret sharing https://apps.dtic.mil/sti/pdfs/ADA069397.pdf. | |
| - **\[Fel87\]**: Feldman's verifiable secret sharing https://www.zkdocs.com/docs/zkdocs/protocol-primitives/verifiable-secret-sharing/ | |
| - **\[Sch91\]**: Schnorr's DLog PoK https://www.zkdocs.com/docs/zkdocs/zero-knowledge-protocols/schnorr/ | |
| - **\[Tho09\]**: Poseidon Hasher https://eprint.iacr.org/2009/226.pdf | |
| # Poseidon Hasher | ||
| Poseidon Hasher is a mapping over strings of $F_p$ (for prime $p > 2^{31}$) such that it maps $F_p^* \to F_p^o$ where $o$ is the number of output elements (often chosen value is $o = 1$). |
Remove the repeated phrase "Poseidon Hasher" for clarity.
-# Poseidon Hasher Poseidon Hasher is a mapping over strings of $F_p$ (for prime $p > 2^{31}$) such that it maps $F_p^* \to F_p^o$ where $o$ is the number of output elements (often chosen value is $o = 1$).
+# Poseidon Hasher is a mapping over strings of $F_p$ (for prime $p > 2^{31}$) such that it maps $F_p^* \to F_p^o$ where $o$ is the number of output elements (often chosen value is $o = 1$).
Committable suggestion
| # Poseidon Hasher | |
| Poseidon Hasher is a mapping over strings of $F_p$ (for prime $p > 2^{31}$) such that it maps $F_p^* \to F_p^o$ where $o$ is the number of output elements (often chosen value is $o = 1$). | |
| # Poseidon Hasher is a mapping over strings of $F_p$ (for prime $p > 2^{31}$) such that it maps $F_p^* \to F_p^o$ where $o$ is the number of output elements (often chosen value is $o = 1$). |
| ## A primer on sponge construction | ||
| Sponge construction looks as follows: |
Remove the repeated phrase and add a blank line after the heading for clarity and proper formatting.
-## A primer on sponge construction Sponge construction looks as follows:
+## A primer on sponge construction
+
+Sponge construction looks as follows:
Committable suggestion
| ## A primer on sponge construction | |
| Sponge construction looks as follows: | |
| ## A primer on sponge construction | |
| Sponge construction looks as follows: |
| ## The HADES design strategy | ||
| The HADES design strategy consists of: |
Add a blank line after the heading for proper Markdown formatting.
-## The HADES design strategy The HADES design strategy consists of:
+## The HADES design strategy
+
+The HADES design strategy consists of:
Committable suggestion
| ## The HADES design strategy | |
| The HADES design strategy consists of: | |
| ## The HADES design strategy | |
| The HADES design strategy consists of: |
| ## Reference implementation for magic values | ||
| Directory `reference/hadeshash` includes `generate_params_poseidong.sage` for generating values used inside poseidon hasher. We build values for BLS12-381's $F_q$ a.k.a Scalar Field. For this, use: |
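Review bot: the file name here, `generate_params_poseidong.sage`, does not match the script the README invokes elsewhere, `generate_params_poseidon.sage`; fix the typo so the documented path actually exists. Also, "BLS12-381's $F_q$ a.k.a Scalar Field": the modulus used on the command line is the 255-bit scalar field order, which the BLS12-381 literature normally writes as $r$, with $q$ reserved for the 381-bit base field; either write $F_r$ or state explicitly which field $q$ denotes here, since the two fields differ in size and a reader may otherwise pick the wrong one.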
Add a blank line after the heading for proper Markdown formatting.
-## Reference implementation for magic values Directory `reference/hadeshash` includes `generate_params_poseidong.sage` for generating values used inside poseidon hasher. We build values for BLS12-381's $F_q$ a.k.a Scalar Field. For this, use:
+## Reference implementation for magic values
+
+Directory `reference/hadeshash` includes `generate_params_poseidong.sage` for generating values used inside poseidon hasher. We build values for BLS12-381's $F_q$ a.k.a Scalar Field. For this, use:
Committable suggestion
| ## Reference implementation for magic values | |
| Directory `reference/hadeshash` includes `generate_params_poseidong.sage` for generating values used inside poseidon hasher. We build values for BLS12-381's $F_q$ a.k.a Scalar Field. For this, use: | |
| ## Reference implementation for magic values | |
| Directory `reference/hadeshash` includes `generate_params_poseidong.sage` for generating values used inside poseidon hasher. We build values for BLS12-381's $F_q$ a.k.a Scalar Field. For this, use: |
| ## References | ||
| [ICAR 2019/458](https://eprint.iacr.org/2019/458.pdf) |
Add a blank line after the heading for proper Markdown formatting.
-## References [ICAR 2019/458](https://eprint.iacr.org/2019/458.pdf)
+## References
+
+[ICAR 2019/458](https://eprint.iacr.org/2019/458.pdf)
Committable suggestion
| ## References | |
| [ICAR 2019/458](https://eprint.iacr.org/2019/458.pdf) | |
| ## References | |
| [ICAR 2019/458](https://eprint.iacr.org/2019/458.pdf) |
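The README hunks in this thread describe the sponge (absorb into the rate part, apply the permutation, read the output from the rate part, iterate if more output is needed) and the HADES round structure (ARC, SBOX, MIX, with $R_f$ full rounds at each end around $R_P$ partial rounds), but the Rust code that implements them is not in view. The following is an added toy example in Python, not the repository's implementation and not the official Poseidon parameters: the prime $2^{31}-1$, the round counts, the round constants and the Cauchy-matrix MDS layer are constructed for readability, not for security. It also carries the check that the README's command line does not perform, that $x^\alpha$ is a permutation of $F_p$ only when $\gcd(\alpha, p-1) = 1$, and evaluates it for the BLS12-381 scalar field modulus the README passes.

```python
"""Toy Poseidon-style sponge: ARC / SBOX / MIX rounds over a small prime field.

Added illustration, not the repository's implementation and not the official
Poseidon parameters: prime, round counts, round constants and MDS matrix are
constructed for readability, not for security.
"""
from math import gcd

P = 2**31 - 1   # constructed toy prime; gcd(5, P - 1) == 1, so x^5 permutes F_P
ALPHA = 5       # S-box exponent
T = 3           # state width = RATE + CAPACITY
RATE = 2
R_F = 4         # full rounds, split evenly before and after the partial rounds
R_P = 3         # partial rounds (toy count; the sage script derives real counts)

# BLS12-381 scalar field modulus as passed on the README's command line.
BLS12_381_R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001


def sbox_is_permutation(alpha, p):
    """x -> x^alpha is a bijection of F_p exactly when gcd(alpha, p - 1) == 1."""
    return gcd(alpha, p - 1) == 1


def cauchy_mds(t, p):
    """Constructed MDS matrix m[i][j] = 1 / (x_i + y_j) with distinct x_i, y_j."""
    xs = range(1, t + 1)
    ys = range(t + 1, 2 * t + 1)
    return [[pow(x + y, -1, p) for y in ys] for x in xs]


MDS = cauchy_mds(T, P)
# Constructed round constants; real Poseidon derives them from a Grain LFSR.
ROUND_CONSTANTS = [[(0x9E3779B1 * (r * T + i + 1)) % P for i in range(T)]
                   for r in range(R_F + R_P)]


def add_round_constants(state, rc):
    """ARC: add this round's constants cell by cell."""
    return [(s + c) % P for s, c in zip(state, rc)]


def sbox_layer(state, full):
    """SBOX: x^ALPHA on every cell (full round) or on the first cell only (partial round)."""
    out = list(state)
    for i in (range(T) if full else range(1)):
        out[i] = pow(out[i], ALPHA, P)
    return out


def mix(state):
    """MIX: multiply the state vector by the MDS matrix."""
    return [sum(MDS[i][j] * state[j] for j in range(T)) % P for i in range(T)]


def permutation(state):
    """HADES schedule: R_F/2 full rounds, R_P partial rounds, R_F/2 full rounds."""
    if not sbox_is_permutation(ALPHA, P):
        raise ValueError("x^alpha is not a permutation of this field")
    half = R_F // 2
    for r in range(R_F + R_P):
        full = r < half or r >= half + R_P
        state = mix(sbox_layer(add_round_constants(state, ROUND_CONSTANTS[r]), full))
    return state


def poseidon_hash(inputs, out_len=1):
    """Sponge: pad, absorb RATE elements per permutation call, squeeze out_len elements."""
    if any(not 0 <= x < P for x in inputs):
        raise ValueError("inputs must be elements of F_P")
    msg = list(inputs) + [1]               # constructed padding: a 1, then zeros to a full block
    msg += [0] * (-len(msg) % RATE)
    state = [0] * T                        # capacity cell stays 0 (a domain tag would go here)
    for i in range(0, len(msg), RATE):
        for j in range(RATE):              # absorb: add the block into the rate part
            state[j] = (state[j] + msg[i + j]) % P
        state = permutation(state)
    out = []
    while True:                            # squeeze: read the rate part, permute if more is needed
        out.extend(state[:RATE])
        if len(out) >= out_len:
            return out[:out_len]
        state = permutation(state)
```

`sbox_is_permutation(3, BLS12_381_R)` returns False and `sbox_is_permutation(5, BLS12_381_R)` returns True, which is the reason the example refuses to run a permutation whose exponent fails the gcd test; the toy prime and round counts give no security, and the real round counts and constants have to come from the script the README describes.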
| print("Usage: <script> <field> <s_box> <field_size> <num_cells> <alpha> <security_level> <modulus_hex>") | ||
| print("field = 1 for GF(p)") | ||
| print("s_box = 0 for x^alpha, s_box = 1 for x^(-1)") | ||
| exit() |
Replace exit() with sys.exit() to provide an exit status code, which is useful for debugging and integration with other software.
- exit()
+ sys.exit(1) # Exit with a status code indicating failure
Committable suggestion
| exit() | |
| sys.exit(1) # Exit with a status code indicating failure |
| def grain_sr_generator(): | ||
| bit_sequence = INIT_SEQUENCE | ||
| for _ in range(0, 160): | ||
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | ||
| bit_sequence.pop(0) | ||
| bit_sequence.append(new_bit) | ||
|
|
||
| while True: | ||
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | ||
| bit_sequence.pop(0) | ||
| bit_sequence.append(new_bit) | ||
| while new_bit == 0: | ||
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | ||
| bit_sequence.pop(0) | ||
| bit_sequence.append(new_bit) | ||
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | ||
| bit_sequence.pop(0) | ||
| bit_sequence.append(new_bit) | ||
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | ||
| bit_sequence.pop(0) | ||
| bit_sequence.append(new_bit) | ||
| yield new_bit |
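Review bot: `bit_sequence = INIT_SEQUENCE` binds the same list object, and the `pop(0)` / `append` calls that follow then mutate the module-level `INIT_SEQUENCE` in place, so a second call to `grain_sr_generator()` starts from an already-shifted register and yields a different constant stream for the same parameters. Copy the seed (`bit_sequence = list(INIT_SEQUENCE)`) so the generator is deterministic per parameter set. Any deduplication of the six repeated tap expressions should keep the sampling rule of the inner loop intact: when the flag bit is 0 the next bit is discarded and a fresh flag is read, and when it is 1 the next bit is the one emitted; collapsing those steps changes which bits reach the round constants.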
Refactor the grain_sr_generator function to reduce code duplication and improve clarity.
+ def update_bit_sequence():
+ new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0]
+ bit_sequence.pop(0)
+ bit_sequence.append(new_bit)
+ return new_bit
+
- for _ in range(0, 160):
- new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0]
- bit_sequence.pop(0)
- bit_sequence.append(new_bit)
- while True:
- new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0]
- bit_sequence.pop(0)
- bit_sequence.append(new_bit)
+ for _ in range(160):
+ update_bit_sequence()
+ while True:
+ new_bit = update_bit_sequence()
Committable suggestion
| def grain_sr_generator(): | |
| bit_sequence = INIT_SEQUENCE | |
| for _ in range(0, 160): | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| while True: | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| while new_bit == 0: | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| yield new_bit | |
| def grain_sr_generator(): | |
| bit_sequence = INIT_SEQUENCE | |
| def update_bit_sequence(): | |
| new_bit = bit_sequence[62] ^^ bit_sequence[51] ^^ bit_sequence[38] ^^ bit_sequence[23] ^^ bit_sequence[13] ^^ bit_sequence[0] | |
| bit_sequence.pop(0) | |
| bit_sequence.append(new_bit) | |
| return new_bit | |
| for _ in range(160): | |
| update_bit_sequence() | |
| while True: | |
| new_bit = update_bit_sequence() | |
| while new_bit == 0: | |
| new_bit = update_bit_sequence() | |
| yield new_bit |
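Added example, not the PR's code: a plain-Python version of the Grain LFSR stream above (Sage's `^^` is XOR, Python's `^`), with the 80-bit seed built as the Poseidon paper specifies (2 bits field, 4 bits S-box, 12 bits n, 12 bits t, 10 bits R_F, 10 bits R_P, then 30 ones) and a rejection-sampling step that turns the bit stream into a field element below p; that last step is an assumption about the rest of the script, which is not shown on this page. The block keeps three variants side by side: the control flow as written in the PR, a behaviour-preserving refactor built on the proposed `update_bit_sequence` helper, and the inner loop exactly as the committable suggestion renders it, which has lost the "discard the next bit" step and can therefore only ever yield 1. Comparing the first variants' output is the test a reviewer would want before accepting any refactor of this function.

```python
"""Grain LFSR bit stream for Poseidon round constants, in plain Python.

Added example, not the PR's code. Seed layout follows the Poseidon paper; the taps
match the script above; the rejection-sampling step is an assumption about the
rest of the script, which is not shown here.
"""
from itertools import islice

TAPS = (62, 51, 38, 23, 13, 0)   # feedback taps of the 80-bit register


def grain_init_sequence(field, sbox, n, t, r_f, r_p):
    """80-bit seed: 2 bits field, 4 bits s-box, 12 bits n, 12 bits t, 10 bits R_F,
    10 bits R_P (each most significant bit first), then 30 ones."""
    bits = []
    for value, width in ((field, 2), (sbox, 4), (n, 12), (t, 12), (r_f, 10), (r_p, 10)):
        bits += [(value >> (width - 1 - i)) & 1 for i in range(width)]
    bits += [1] * 30
    assert len(bits) == 80
    return bits


def update_bit_sequence(bit_sequence):
    """Clock the register once and return the new bit (the helper the review proposes)."""
    new_bit = 0
    for tap in TAPS:
        new_bit ^= bit_sequence[tap]          # Sage writes this XOR as ^^
    bit_sequence.pop(0)
    bit_sequence.append(new_bit)
    return new_bit


def _warm_up(init_sequence):
    """Copy the seed (the PR aliases INIT_SEQUENCE and mutates it) and discard 160 bits."""
    bit_sequence = list(init_sequence)
    for _ in range(160):
        update_bit_sequence(bit_sequence)
    return bit_sequence


def grain_as_written(init_sequence):
    """Control flow of grain_sr_generator exactly as it appears in the PR."""
    bit_sequence = _warm_up(init_sequence)
    while True:
        new_bit = update_bit_sequence(bit_sequence)
        while new_bit == 0:
            new_bit = update_bit_sequence(bit_sequence)   # overwritten: this bit is discarded
            new_bit = update_bit_sequence(bit_sequence)   # fresh flag bit
        new_bit = update_bit_sequence(bit_sequence)
        yield new_bit


def grain_refactored(init_sequence):
    """Same sampling rule, stated directly: flag 1 emits the next bit, flag 0 skips it."""
    bit_sequence = _warm_up(init_sequence)
    while True:
        if update_bit_sequence(bit_sequence) == 1:
            yield update_bit_sequence(bit_sequence)
        else:
            update_bit_sequence(bit_sequence)


def grain_as_suggested(init_sequence):
    """Inner loop as the committable suggestion renders it: the skip step is gone,
    so the loop only exits on a 1 bit, which is then yielded every time."""
    bit_sequence = _warm_up(init_sequence)
    while True:
        new_bit = update_bit_sequence(bit_sequence)
        while new_bit == 0:
            new_bit = update_bit_sequence(bit_sequence)
        yield new_bit


def round_constant(bits, n, p):
    """Read n bits into an integer; retry until it is below p (assumed rejection sampling)."""
    while True:
        value = 0
        for bit in islice(bits, n):
            value = (value << 1) | bit
        if value < p:
            return value


def first_bits(stream, count):
    """Materialise the first `count` bits of a generator, for comparison."""
    return list(islice(stream, count))
```

With the seed for `field=1, sbox=0, n=255, t=3, R_F=8, R_P=57`, `grain_as_written` and `grain_refactored` produce identical streams, the seed list is left untouched, and `grain_as_suggested` yields nothing but ones; `round_constant(grain_refactored(seed), 255, p)` then gives one deterministic element of the BLS12-381 scalar field.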
Summary by CodeRabbit
`ark_bn254` and `ark_std` crates.