dusk-hades 0.15.0

Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.
docs.rs failed to build dusk-hades-0.15.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.

Build Status codecov Repository Documentation


Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.

Unstable : No guarantees can be made regarding the API stability.


To generate the Hades252 documentation:

make doc
make doc-internal


To import Hades252, add the following to the dependencies section of your project's Cargo.toml:

Hades252 = "0.12.0"

By default Hades252 has a width equals to 5. It's possible to use an arbitrary value, between 3 and 9, by setting the environment variable HADES252_WIDTH to the desired number.


  • p = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001

  • Security level is 117 -120 bits of security [NCCG] bits.

  • width = 5

  • Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end, where each full round has WIDTH quintic S-Boxes.

  • Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.

  • Number of round constants = 960

Example with permutation of scalars using the ScalarStrategy.

use dusk_hades::{ScalarStrategy, Strategy, WIDTH};
use dusk_plonk::bls12_381::BlsScalar;

// Generate the inputs that will permute.
// The number of values we can input is equivalent to `WIDTH`

let input = vec![BlsScalar::from(1u64); dusk_hades::WIDTH];
let mut strategy = ScalarStrategy::new();

let mut output = input.clone();

assert_ne!(&input, &output);
assert_eq!(input.len(), output.len());

Example with permutation of Variables using the GadgetStrategy

// Proving that we know the pre-image of a hades-252 hash.
use dusk_hades::{GadgetStrategy, Strategy, WIDTH};
use dusk_plonk::prelude::*;

// Setup OG params.
const CAPACITY: usize = 1 << 7;
let public_parameters = PublicParameters::setup(CAPACITY, &mut rand::thread_rng()).unwrap();
let (ck, vk) = public_parameters.trim(CAPACITY).unwrap();;

// Gen composer
let mut composer = StandardComposer::new();

// Gen inputs
let mut inputs = [BlsScalar::one(); WIDTH];

let mut prover = Prover::new(b"Hades_Testing");

// Generate the witness data
let mut composer = prover.mut_cs();
let zero = composer.add_input(BlsScalar::zero());
let mut witness = [zero; WIDTH];
    .for_each(|(w, i)| *w = composer.add_input(*i));

// Perform the permutation in the circuit
GadgetStrategy::hades_gadget(prover.mut_cs(), &mut witness);

// Now your composer has been filled with a hades permutation
// inside.
// Now you can build your proof or keep extending your circuit.