Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Hades252
Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.
Unstable : No guarantees can be made regarding the API stability.
Documentation
To generate the Hades252
documentation:
Use
To import Hades252
, add the following to the dependencies section of your project's Cargo.toml
:
= "0.12.0"
By default Hades252
has a width
equals to 5
.
It's possible to use an arbitrary value, between 3
and 9
, by setting the
environment variable HADES252_WIDTH
to the desired number.
Parameters
-
p =
0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
-
Security level is 117 -120 bits of security [NCCG] bits.
-
width = 5
-
Number of full rounds = 8 . There are four full rounds at the beginning and four full rounds at the end, where each full round has
WIDTH
quintic S-Boxes. -
Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.
-
Number of round constants = 960
Example with permutation of scalars using the ScalarStrategy
.
use ;
use BlsScalar;
// Generate the inputs that will permute.
// The number of values we can input is equivalent to `WIDTH`
let input = vec!;
let mut strategy = new;
let mut output = input.clone;
strategy.perm;
assert_ne!;
assert_eq!;
Example with permutation of Variables using the GadgetStrategy
// Proving that we know the pre-image of a hades-252 hash.
use ;
use *;
// Setup OG params.
const CAPACITY: usize = 1 << 7;
let public_parameters = setup.unwrap;
let = public_parameters.trim.unwrap;;
// Gen composer
let mut composer = new;
// Gen inputs
let mut inputs = ;
let mut prover = new;
// Generate the witness data
let mut composer = prover.mut_cs;
let zero = composer.add_input;
let mut witness = ;
witness.iter_mut
.zip
.for_each;
// Perform the permutation in the circuit
hades_gadget;
// Now your composer has been filled with a hades permutation
// inside.
// Now you can build your proof or keep extending your circuit.
Deviations
-
Round constants for the full rounds are generated following: https://extgit.iaik.tugraz.at/krypto/hadesmimc/blob/master/code/calc_round_numbers.py They are then mapped onto
Scalar
s in the Ristretto scalar field. -
The MDS matrix is a cauchy matrix, the method used to generate it, is noted in section "Concrete Instantiations Poseidon and Starkad"