PR for Merkle-friendly 32-byte Pedersen hash functions #2

Open
weijiekoh opened this issue Dec 18, 2018 · 2 comments

Comments


weijiekoh commented Dec 18, 2018

Hi Jordi,

Would you be interested in a pull request to add new circuits and JS code for the following features?

All the code is here: https://github.com/weijiekoh/snarschain

  1. PedersenHash circuit

    • 1 input signal: a 32-byte bigInt
    • 3 output signals:
      • x-output of a Pedersen circuit
      • y-output of a Pedersen circuit
      • 32-byte encoded-output of a new EncodePedersenPoint circuit
  2. EncodePedersenPoint circuit

    • 2 input signals: x and y (32-byte bigInts)
    • 1 output signal: the 256 bits of x, but its most significant 8 bits are the 8 most significant bits of y.
  3. JoinHashes circuit

    • 2 input signals: left and right
    • 1 input signal: the 128 LSBs of left concatenated with the 128 LSBs of right
  4. PedersenHashDouble circuit

    • 2 input signals: left and right, a 32-byte bigInt each
    • 2 output signals:
      • out[2]: the x- and y-outputs of a Pedersen circuit
      • 32-byte encoded-output of a new EncodePedersenPoint circuit

These circuits achieve two goals:

  1. Have an easy-to-use Pedersen hash circuit which outputs 32 bytes. Since the Pedersen hash function outputs a point on the BabyJub curve, which is symmetrical across the y-axis, the only relevant data is the x-value and the sign of the y-value. However, the babyJub.packPoint() function will cause an integer overflow within circom, so the next best option is to return 32 bytes consisting of the most significant 8 bits of y and the least significant 248 bits of x.

  2. Have an easy-to-use Pedersen hash circuit which can be plugged in to a Merkle tree validator circuit. Since it needs to hash two 32-byte values, it takes 16 bytes from each input and then pipes them into the Pedersen single-input hash circuit described above.

I'm curious about what you think. If you like the idea, I'm happy to package what I've written as a PR to circomlib and submit that. I'm also keen to improve EncodePedersenPoint and JoinHashes if they are incorrect or insecure.

Thanks!
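
As an added example (not code from the issue, from the linked snarschain repo, or from circomlib), the following is a BigInt model in JavaScript of EncodePedersenPoint and JoinHashes exactly as the comment above describes them, with checks that show what each encoding discards: the encoding overwrites the top 8 bits of x with the top 8 bits of y, and the join keeps only the low 128 bits of each input, so inputs that differ only in the dropped bits produce the same output. The placement of left in the high half of the joined value is an assumption the comment does not state. The prime constant is the BabyJub base field (the BN254 scalar field order), which is below 2^254, so the 8-bit window taken from y can carry at most 6 non-zero bits.

```javascript
// Added example, not circomlib code: a BigInt reference model of the two
// encodings described in the issue, used to check what each one discards.

// Base field prime of BabyJub (the BN254 scalar field order). Every affine
// coordinate is an integer in [0, P), and P < 2^254 bounds its bit length.
const BABYJUB_P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

const MASK_128 = (1n << 128n) - 1n;
const MASK_248 = (1n << 248n) - 1n;
const MASK_256 = (1n << 256n) - 1n;

// EncodePedersenPoint as described: the 256 bits of x, with the most
// significant 8 bits replaced by the most significant 8 bits of y.
function encodePedersenPoint(x, y) {
  const xLow248 = x & MASK_248;
  const yTop8 = (y & MASK_256) >> 248n;
  return (yTop8 << 248n) | xLow248;
}

// JoinHashes as described: the 128 LSBs of left concatenated with the
// 128 LSBs of right. Assumption (not stated in the issue): left becomes
// the high half of the result and right the low half.
function joinHashes(left, right) {
  return ((left & MASK_128) << 128n) | (right & MASK_128);
}

// How many bits of the top-8 window of y can ever be non-zero: because
// y < P < 2^254, bits 254 and 255 of any coordinate are always zero.
function informativeTopBitsOfY() {
  const maxY = BABYJUB_P - 1n;
  return (maxY >> 248n).toString(2).length;
}

// Collision check on the encoding: two x values that differ only in their
// top 8 bits encode identically, because those bits are overwritten by y.
function encodingDropsTopBitsOfX() {
  const y = 0xabn << 248n;
  const x1 = 0x1234n;
  const x2 = x1 | (0xffn << 248n);
  return x1 !== x2 && encodePedersenPoint(x1, y) === encodePedersenPoint(x2, y);
}

// Collision check on the join: a change confined to the upper 128 bits of
// either input leaves the joined value unchanged.
function joinDropsUpperHalves() {
  const right = 7n;
  const left1 = (1n << 200n) | 5n;
  const left2 = 5n;
  return left1 !== left2 && joinHashes(left1, right) === joinHashes(left2, right);
}

// Fixed-width hex rendering of a 256-bit value.
function toHex256(v) {
  return '0x' + v.toString(16).padStart(64, '0');
}

// Stand-alone run with constructed sample coordinates.
console.log(toHex256(encodePedersenPoint(0x1234n, 0xabn << 248n)));
console.log(toHex256(joinHashes((1n << 200n) | 5n, 7n)));
console.log('informative top bits of y:', informativeTopBitsOfY());
console.log('encoding drops top bits of x:', encodingDropsTopBitsOfX());
console.log('join drops upper halves:', joinDropsUpperHalves());
```

The two collision checks are the property a reviewer would want spelled out before merging: whatever collision resistance the Pedersen point carries, the 32-byte outputs of these wrappers can only be as strong as the bits they keep, so the dropped high halves in JoinHashes and the overwritten top byte of x in EncodePedersenPoint are the places to scrutinise.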

@weijiekoh weijiekoh changed the title PR for circom-friendly 32-byte Pedersen hash functions PR for Merkle-friendly 32-byte Pedersen hash functions Dec 18, 2018

weijiekoh commented Dec 18, 2018

I just discovered sha256compression.circom! I will try to use that instead of the naive concatenation method described above.

*edit: scratch that, that would defeat the purpose of getting better performance with Pedersen hashes. Back to the drawing board...


jbaylina commented Sep 5, 2019

Pedersen needs to go to window3.
We are moving more to the Poseidon hash function in general.
The Compression of the point is already here: https://github.com/iden3/circomlib/blob/master/circuits/pointbits.circom

ChihChengLiang pushed a commit to ChihChengLiang/circomlib that referenced this issue May 6, 2020
fix: makes mimcsponge act like the paper description
piotr-roslaniec pushed a commit to piotr-roslaniec/circomlib that referenced this issue Sep 18, 2024