light-poseidon

light-poseidon is a Poseidon hash implementation in Rust created for Light Protocol.

Parameters

The library provides pre-generated parameters over the BN254 curve, however it can work with any parameters provided as long as developers take care of generating the round constants.

Parameters provided by the library are:

• x^5 S-boxes
• t = 2 - 13 (for 1 to 12 inputs)
• 8 full rounds and partial rounds depending on t [56, 57, 56, 60, 60, 63, 64, 63, 60, 66, 60, 65] The parameters can be generated with: `$ cargo xtask generate-poseidon-parameters

  Output type

Poseidon type implements two traits which serve the purpose of returning the calculated hash in different representations:

• PoseidonBytesHasher with the hash_bytes method which returns a byte array.
• PoseidonHasher with the hash method which returns ark_ff::PrimeField. Might be useful if you want to immediately process the result with an another library which works with ark_ff::PrimeField types.

Examples

Example with two simple big-endian byte inputs (converted to field elements) and BN254-based parameters provided by the library, with PoseidonBytesHasher trait and a byte array result:

```rust use lightposeidon::{Poseidon, PoseidonBytesHasher, parameters::bn254x5}; use arkbn254::Fr; use arkff::{BigInteger, PrimeField};

let mut poseidon = Poseidon::::new_circom(2).unwrap();

let hash = poseidon.hashbytesbe(&[&[1u8; 32], &[2u8; 32]]).unwrap();

println!("{:?}", hash); // Should print: // [ // 13, 84, 225, 147, 143, 138, 140, 28, 125, 235, 94, 3, 85, 242, 99, 25, 32, 123, 132, // 254, 156, 162, 206, 27, 38, 231, 53, 200, 41, 130, 25, 144 // ] ```

With [PoseidonHasher][crate::PoseidonHasher] trait and ark_ff::PrimeField result:

```rust use lightposeidon::{Poseidon, PoseidonHasher, parameters::bn254x5}; use arkbn254::Fr; use arkff::{BigInteger, PrimeField};

let mut poseidon = Poseidon::::new_circom(2).unwrap();

let input1 = Fr::frombebytesmodorder(&[1u8; 32]); let input2 = Fr::frombebytesmodorder(&[2u8; 32]);

let hash = poseidon.hash(&[input1, input2]).unwrap();

// Do something with hash. ```

Implementation

The implementation is compatible with the original SageMath implementation, but it was also inspired by the following ones:

• circomlibjs
• zero-knowledge-gadgets

Performance

This repository contains a benchmark measuring the performance of this Poseidon implementation for given 1 - 12 random 32 bytes inputs.

To run them, simply use:

bash cargo bench

This is the result from a host with the following hardware:

• 12th Gen Intel® Core™ i7-1260P × 16

```norust poseidonbn254x5_1 time: [17.543 µs 18.303 µs 19.133 µs] Found 9 outliers among 100 measurements (9.00%) 9 (9.00%) high mild

poseidonbn254x5_2 time: [25.020 µs 25.866 µs 26.830 µs]

poseidonbn254x5_3 time: [36.076 µs 37.549 µs 38.894 µs]

poseidonbn254x5_4 time: [50.333 µs 52.598 µs 54.806 µs]

poseidonbn254x5_5 time: [64.184 µs 66.324 µs 68.706 µs]

poseidonbn254x5_6 time: [87.356 µs 90.259 µs 93.437 µs]

poseidonbn254x5_7 time: [120.08 µs 125.26 µs 130.23 µs]

poseidonbn254x5_8 time: [134.28 µs 139.65 µs 145.71 µs]

poseidonbn254x5_9 time: [161.99 µs 168.93 µs 175.94 µs]

poseidonbn254x5_10 time: [208.11 µs 215.27 µs 222.99 µs] Found 1 outliers among 100 measurements (1.00%) 1 (1.00%) high mild

poseidonbn254x5_11 time: [239.47 µs 249.05 µs 258.35 µs]

poseidonbn254x5_12 time: [295.47 µs 305.80 µs 316.41 µs] ```

License

Licensed under Apache License, Version 2.0.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.