Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
poseidon2_permutation.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: dd03c4a23ab067274b4964cacb36d1545f73fb14}
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "poseidon2_params.hpp"
10
11#include <array>
12#include <cstddef>
13#include <cstdint>
14
15namespace bb::crypto {
16
23template <typename Params> class Poseidon2Permutation {
24 public:
25 // t = sponge permutation size (in field elements)
26 // t = rate + capacity
27 // capacity = 1 field element (256 bits)
28 // rate = number of field elements that can be compressed per permutation
29 static constexpr size_t t = Params::t;
30 // number of full sbox rounds
31 static constexpr size_t rounds_f = Params::rounds_f;
32 // number of partial sbox rounds
33 static constexpr size_t rounds_p = Params::rounds_p;
34 static constexpr size_t NUM_ROUNDS = Params::rounds_f + Params::rounds_p;
35
36 using FF = typename Params::FF;
37 using State = std::array<FF, t>;
38 using RoundConstants = std::array<FF, t>;
39 using MatrixDiagonal = std::array<FF, t>;
40 using RoundConstantsContainer = std::array<RoundConstants, NUM_ROUNDS>;
41
42 static constexpr MatrixDiagonal internal_matrix_diagonal_minus_one = Params::internal_matrix_diagonal_minus_one;
43 static constexpr RoundConstantsContainer round_constants = Params::round_constants;
44
45 static constexpr void matrix_multiplication_4x4(State& input)
46 {
58 auto t0 = input[0] + input[1]; // A + B
59 auto t1 = input[2] + input[3]; // C + D
60 auto t2 = input[1] + input[1]; // 2B
61 t2 += t1; // 2B + C + D
62 auto t3 = input[3] + input[3]; // 2D
63 t3 += t0; // 2D + A + B
64 auto t4 = t1 + t1;
65 t4 += t4;
66 t4 += t3; // A + B + 4C + 6D
67 auto t5 = t0 + t0;
68 t5 += t5;
69 t5 += t2; // 4A + 6B + C + D
70 auto t6 = t3 + t5; // 5A + 7B + C + 3D
71 auto t7 = t2 + t4; // A + 3B + 5C + 7D
72 input[0] = t6;
73 input[1] = t5;
74 input[2] = t7;
75 input[3] = t4;
76 }
77
78 static constexpr void add_round_constants(State& input, const RoundConstants& rc)
79 {
80 for (size_t i = 0; i < t; ++i) {
81 input[i] += rc[i];
82 }
83 }
84
85 static constexpr void matrix_multiplication_internal(State& input)
86 {
87 // for t = 4
88 // Computes: result[i] = (D_i - 1) * input[i] + sum = D_i * input[i] + (sum of other elements)
89 // where D_i are the actual diagonal values and internal_matrix_diagonal_minus_one[i] = D_i - 1
90 auto sum = input[0];
91 for (size_t i = 1; i < t; ++i) {
92 sum += input[i];
93 }
94 for (size_t i = 0; i < t; ++i) {
95 input[i] *= internal_matrix_diagonal_minus_one[i];
96 input[i] += sum;
97 }
98 }
99
100 static constexpr void matrix_multiplication_external(State& input)
101 {
102 static_assert(t == 4, "Only t=4 is supported");
103 matrix_multiplication_4x4(input);
104 }
105
112 static constexpr void apply_single_sbox(FF& input)
113 {
114 auto x2 = input.sqr();
115 x2.self_sqr(); // x2 -> x4
116 input *= x2;
117 }
118
119 static constexpr void apply_sbox(State& input)
120 {
121 for (auto& in : input) {
122 apply_single_sbox(in);
123 }
124 }
125
131 static constexpr void permutation_inplace(State& state)
132 {
133 // Apply 1st linear layer
134 matrix_multiplication_external(state);
135
136 // First set of external rounds
137 constexpr size_t rounds_f_beginning = rounds_f / 2;
138 for (size_t i = 0; i < rounds_f_beginning; ++i) {
139 add_round_constants(state, round_constants[i]);
140 apply_sbox(state);
141 matrix_multiplication_external(state);
142 }
143
144 // Internal rounds
145 constexpr size_t p_end = rounds_f_beginning + rounds_p;
146 for (size_t i = rounds_f_beginning; i < p_end; ++i) {
147 state[0] += round_constants[i][0];
148 apply_single_sbox(state[0]);
149 matrix_multiplication_internal(state);
150 }
151
152 // Remaining external rounds
153 for (size_t i = p_end; i < NUM_ROUNDS; ++i) {
154 add_round_constants(state, round_constants[i]);
155 apply_sbox(state);
156 matrix_multiplication_external(state);
157 }
158 }
159
163 static constexpr State permutation(const State& input)
164 {
165 State result(input);
166 permutation_inplace(result);
167 return result;
168 }
169};
170} // namespace bb::crypto
bb::crypto::Poseidon2Permutation
Applies the Poseidon2 permutation function from https://eprint.iacr.org/2023/323.
Definition poseidon2_permutation.hpp:23
bb::crypto::Poseidon2Permutation::permutation_inplace
static constexpr void permutation_inplace(State &state)
In-place Poseidon2 permutation from https://eprint.iacr.org/2023/323.
Definition poseidon2_permutation.hpp:131
bb::crypto::Poseidon2Permutation::permutation
static constexpr State permutation(const State &input)
Native form of Poseidon2 permutation (returns new state).
Definition poseidon2_permutation.hpp:163
bb::crypto::Poseidon2Permutation::matrix_multiplication_4x4
static constexpr void matrix_multiplication_4x4(State &input)
Definition poseidon2_permutation.hpp:45
bb::crypto::Poseidon2Permutation::apply_single_sbox
static constexpr void apply_single_sbox(FF &input)
S-box: x -> x^5.
Definition poseidon2_permutation.hpp:112
bb::crypto::Poseidon2Permutation::matrix_multiplication_internal
static constexpr void matrix_multiplication_internal(State &input)
Definition poseidon2_permutation.hpp:85
bb::crypto::Poseidon2Permutation::matrix_multiplication_external
static constexpr void matrix_multiplication_external(State &input)
Definition poseidon2_permutation.hpp:100
bb::crypto::Poseidon2Permutation::add_round_constants
static constexpr void add_round_constants(State &input, const RoundConstants &rc)
Definition poseidon2_permutation.hpp:78
bb::crypto::Poseidon2Permutation::apply_sbox
static constexpr void apply_sbox(State &input)
Definition poseidon2_permutation.hpp:119
bb::crypto::Poseidon2Permutation::RoundConstantsContainer
std::array< RoundConstants, NUM_ROUNDS > RoundConstantsContainer
Definition poseidon2_permutation.hpp:40
bb::crypto::Poseidon2Permutation::round_constants
static constexpr RoundConstantsContainer round_constants
Definition poseidon2_permutation.hpp:43
bb::crypto::Poseidon2Permutation::internal_matrix_diagonal_minus_one
static constexpr MatrixDiagonal internal_matrix_diagonal_minus_one
Definition poseidon2_permutation.hpp:42
bb::sum
Inner sum(Cont< Inner, Args... > const &in)
Definition container.hpp:70
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
poseidon2_params.hpp
bb::crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal_minus_one
static constexpr std::array< FF, t > internal_matrix_diagonal_minus_one
Definition poseidon2_params.hpp:26
bb::crypto::Poseidon2Bn254ScalarFieldParams::round_constants
static constexpr std::array< std::array< FF, t >, rounds_f+rounds_p > round_constants
Definition poseidon2_params.hpp:60