Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
poseidon2_permutation.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "poseidon2_params.hpp"
10
11#include <array>
12#include <cstddef>
13#include <cstdint>
14
15namespace bb::crypto {
16
23template <typename Params> class Poseidon2Permutation {
24 public:
25 // t = sponge permutation size (in field elements)
26 // t = rate + capacity
27 // capacity = 1 field element (256 bits)
28 // rate = number of field elements that can be compressed per permutation
29 static constexpr size_t t = Params::t;
30 // number of full sbox rounds
31 static constexpr size_t rounds_f = Params::rounds_f;
32 // number of partial sbox rounds
33 static constexpr size_t rounds_p = Params::rounds_p;
34 static constexpr size_t NUM_ROUNDS = Params::rounds_f + Params::rounds_p;
35
36 using FF = typename Params::FF;
37 using State = std::array<FF, t>;
38 using RoundConstants = std::array<FF, t>;
39 using MatrixDiagonal = std::array<FF, t>;
40 using RoundConstantsContainer = std::array<RoundConstants, NUM_ROUNDS>;
41
42 static constexpr MatrixDiagonal internal_matrix_diagonal = Params::internal_matrix_diagonal;
43 static constexpr RoundConstantsContainer round_constants = Params::round_constants;
44
45 static constexpr void matrix_multiplication_4x4(State& input)
46 {
58 auto t0 = input[0] + input[1]; // A + B
59 auto t1 = input[2] + input[3]; // C + D
60 auto t2 = input[1] + input[1]; // 2B
61 t2 += t1; // 2B + C + D
62 auto t3 = input[3] + input[3]; // 2D
63 t3 += t0; // 2D + A + B
64 auto t4 = t1 + t1;
65 t4 += t4;
66 t4 += t3; // A + B + 4C + 6D
67 auto t5 = t0 + t0;
68 t5 += t5;
69 t5 += t2; // 4A + 6B + C + D
70 auto t6 = t3 + t5; // 5A + 7B + C + 3D
71 auto t7 = t2 + t4; // A + 3B + 5C + 7D
72 input[0] = t6;
73 input[1] = t5;
74 input[2] = t7;
75 input[3] = t4;
76 }
77
78 static constexpr void add_round_constants(State& input, const RoundConstants& rc)
79 {
80 for (size_t i = 0; i < t; ++i) {
81 input[i] += rc[i];
82 }
83 }
84
85 static constexpr void matrix_multiplication_internal(State& input)
86 {
87 // for t = 4
88 auto sum = input[0];
89 for (size_t i = 1; i < t; ++i) {
90 sum += input[i];
91 }
92 for (size_t i = 0; i < t; ++i) {
93 input[i] *= internal_matrix_diagonal[i];
94 input[i] += sum;
95 }
96 }
97
98 static constexpr void matrix_multiplication_external(State& input)
99 {
100 static_assert(t == 4, "Only t=4 is supported");
101 matrix_multiplication_4x4(input);
102 }
103
110 static constexpr void apply_single_sbox(FF& input)
111 {
112 auto xx = input.sqr();
113 auto xxxx = xx.sqr();
114 input *= xxxx;
115 }
116
117 static constexpr void apply_sbox(State& input)
118 {
119 for (auto& in : input) {
120 apply_single_sbox(in);
121 }
122 }
123
131 static constexpr State permutation(const State& input)
132 {
133 // deep copy
134 State current_state(input);
135
136 // Apply 1st linear layer
137 matrix_multiplication_external(current_state);
138
139 // First set of external rounds
140 constexpr size_t rounds_f_beginning = rounds_f / 2;
141 for (size_t i = 0; i < rounds_f_beginning; ++i) {
142 add_round_constants(current_state, round_constants[i]);
143 apply_sbox(current_state);
144 matrix_multiplication_external(current_state);
145 }
146
147 // Internal rounds
148 const size_t p_end = rounds_f_beginning + rounds_p;
149 for (size_t i = rounds_f_beginning; i < p_end; ++i) {
150 current_state[0] += round_constants[i][0];
151 apply_single_sbox(current_state[0]);
152 matrix_multiplication_internal(current_state);
153 }
154
155 // Remaining external rounds
156 for (size_t i = p_end; i < NUM_ROUNDS; ++i) {
157 add_round_constants(current_state, round_constants[i]);
158 apply_sbox(current_state);
159 matrix_multiplication_external(current_state);
160 }
161 return current_state;
162 }
163};
164} // namespace bb::crypto
bb::crypto::Poseidon2Permutation
Applies the Poseidon2 permutation function from https://eprint.iacr.org/2023/323.
Definition poseidon2_permutation.hpp:23
bb::crypto::Poseidon2Permutation::permutation
static constexpr State permutation(const State &input)
Native form of Poseidon2 permutation from https://eprint.iacr.org/2023/323.
Definition poseidon2_permutation.hpp:131
bb::crypto::Poseidon2Permutation::matrix_multiplication_4x4
static constexpr void matrix_multiplication_4x4(State &input)
Definition poseidon2_permutation.hpp:45
bb::crypto::Poseidon2Permutation::apply_single_sbox
static constexpr void apply_single_sbox(FF &input)
S-box: x -> x^5.
Definition poseidon2_permutation.hpp:110
bb::crypto::Poseidon2Permutation::matrix_multiplication_internal
static constexpr void matrix_multiplication_internal(State &input)
Definition poseidon2_permutation.hpp:85
bb::crypto::Poseidon2Permutation::matrix_multiplication_external
static constexpr void matrix_multiplication_external(State &input)
Definition poseidon2_permutation.hpp:98
bb::crypto::Poseidon2Permutation::add_round_constants
static constexpr void add_round_constants(State &input, const RoundConstants &rc)
Definition poseidon2_permutation.hpp:78
bb::crypto::Poseidon2Permutation::apply_sbox
static constexpr void apply_sbox(State &input)
Definition poseidon2_permutation.hpp:117
bb::crypto::Poseidon2Permutation::internal_matrix_diagonal
static constexpr MatrixDiagonal internal_matrix_diagonal
Definition poseidon2_permutation.hpp:42
bb::crypto::Poseidon2Permutation::RoundConstantsContainer
std::array< RoundConstants, NUM_ROUNDS > RoundConstantsContainer
Definition poseidon2_permutation.hpp:40
bb::crypto::Poseidon2Permutation::round_constants
static constexpr RoundConstantsContainer round_constants
Definition poseidon2_permutation.hpp:43
bb::sum
Inner sum(Cont< Inner, Args... > const &in)
Definition container.hpp:70
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
poseidon2_params.hpp
bb::crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal
static constexpr std::array< FF, t > internal_matrix_diagonal
Definition poseidon2_params.hpp:24
bb::crypto::Poseidon2Bn254ScalarFieldParams::round_constants
static constexpr std::array< std::array< FF, t >, rounds_f+rounds_p > round_constants
Definition poseidon2_params.hpp:58