Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.
Unstable : No guarantees can be made regarding the API stability.
To generate the Hades252 documentation:
sh
make doc
make doc-internal
To import Hades252, add the following to the dependencies section of your project's Cargo.toml:
toml
Hades252 = "0.12.0"
By default Hades252 has a width equals to 5.
It's possible to use an arbitrary value, between 3 and 9, by setting the
environment variable HADES252_WIDTH to the desired number.
p = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
Security level is 117 -120 bits of security [NCCG] bits.
width = 5
Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end,
where each full round has WIDTH quintic S-Boxes.
Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.
Number of round constants = 960
ScalarStrategy.```rust use duskhades::{ScalarStrategy, Strategy, WIDTH}; use duskplonk::bls12_381::BlsScalar;
// Generate the inputs that will permute.
// The number of values we can input is equivalent to WIDTH
let input = vec![BlsScalar::from(1u64); dusk_hades::WIDTH]; let mut strategy = ScalarStrategy::new();
let mut output = input.clone(); strategy.perm(output.asmutslice());
assertne!(&input, &output); asserteq!(input.len(), output.len());
```
GadgetStrategy```rust // Proving that we know the pre-image of a hades-252 hash. use duskhades::{GadgetStrategy, Strategy, WIDTH}; use duskplonk::prelude::*;
// Setup OG params. const CAPACITY: usize = 1 << 7; let publicparameters = PublicParameters::setup(CAPACITY, &mut rand::threadrng()).unwrap(); let (ck, vk) = public_parameters.trim(CAPACITY).unwrap();;
// Gen composer let mut composer = StandardComposer::new();
// Gen inputs let mut inputs = [BlsScalar::one(); WIDTH];
let mut prover = Prover::new(b"Hades_Testing");
// Generate the witness data let mut composer = prover.mutcs(); let zero = composer.addinput(BlsScalar::zero()); let mut witness = [zero; WIDTH]; witness.itermut() .zip(inputs.iter()) .foreach(|(w, i)| w = composer.add_input(i));
// Perform the permutation in the circuit GadgetStrategy::hadesgadget(prover.mutcs(), &mut witness);
// Now your composer has been filled with a hades permutation // inside. // Now you can build your proof or keep extending your circuit. ```
Round constants for the full rounds are generated following: https://extgit.iaik.tugraz.at/krypto/hadesmimc/blob/master/code/calcroundnumbers.py
They are then mapped onto Scalars in the Ristretto scalar field.
The MDS matrix is a cauchy matrix, the method used to generate it, is noted in section "Concrete Instantiations Poseidon and Starkad"