Hades252
Implementation of Hades252 permutation algorithm over the Bls12-381 Scalar field.
Documentation
To generate the Hades252 documentation:
Use
Run the following to add Hades252 to the dependency section of your project's 'Cargo.toml':
Hades252 has a width equal to 5; it's possible to use a different value, see How to generate the assets.
Parameters
- p = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
- Security level is 117-120 bits of security [NCCG].
- width = 5
- Number of full rounds = 8. There are four full rounds at the beginning and four full rounds at the end, where each full round has `WIDTH` quintic S-Boxes.
- Number of partial rounds = 59, where each partial round has one quintic S-Box and (width-1) identity functions.
- Number of round constants = 960
Example for ScalarStrategy
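// Crate paths below are assumed: dusk_bls12_381 for BlsScalar, dusk_hades for the strategy types.
use dusk_bls12_381::BlsScalar;
use dusk_hades::{ScalarStrategy, Strategy, WIDTH};

// Generate the inputs that will be permuted.
// The number of values we can input is equivalent to `WIDTH`.
let input = vec![BlsScalar::from(1u64); WIDTH]; // constructed sample values
let mut output = input.clone();

let mut strategy = ScalarStrategy::new();
strategy.perm(output.as_mut_slice());

assert_ne!(&input, &output);
assert_eq!(input.len(), output.len());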
Deviations
- Round constants for the full rounds are generated following: https://extgit.iaik.tugraz.at/krypto/hadesmimc/blob/master/code/calc_round_numbers.py
- The MDS matrix is a Cauchy matrix; the method used to generate it is noted in section "Concrete Instantiations Poseidon and Starkad".
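The round schedule from the Parameters list and the Cauchy MDS matrix mentioned under Deviations, as an added sketch that is not the crate's own code. It assumes a toy 31-bit prime field instead of the BLS12-381 scalar field, constructed round constants, Cauchy points x_i = i and y_j = WIDTH + j, and the partial-round S-box on the last state element.

```rust
// Toy Hades-style permutation with this page's round schedule; field, constants and S-box position are assumed.
const P: u64 = 2_147_483_647; // toy prime 2^31 - 1; gcd(5, P - 1) = 1, so x^5 is a bijection
const WIDTH: usize = 5;
const FULL_ROUNDS: usize = 8; // four at the beginning, four at the end
const PARTIAL_ROUNDS: usize = 59;

fn pow(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % P; }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}
fn sbox(x: u64) -> u64 { pow(x, 5) } // quintic S-box
// Cauchy matrix M[i][j] = 1 / (x_i + y_j), with assumed points x_i = i, y_j = WIDTH + j.
fn mds() -> [[u64; WIDTH]; WIDTH] {
    let mut m = [[0u64; WIDTH]; WIDTH];
    for i in 0..WIDTH {
        for j in 0..WIDTH { m[i][j] = pow((i + WIDTH + j) as u64, P - 2); } // Fermat inverse
    }
    m
}

// Permutes `state` in place and returns the number of S-boxes evaluated.
fn permute(state: &mut [u64; WIDTH]) -> usize {
    let (m, mut rc, mut sboxes) = (mds(), 1u64, 0);
    for round in 0..FULL_ROUNDS + PARTIAL_ROUNDS {
        let full = round < FULL_ROUNDS / 2 || round >= FULL_ROUNDS / 2 + PARTIAL_ROUNDS;
        for s in state.iter_mut() {
            rc = (rc * 48_271 + 11) % P; // constructed constants, not the crate's
            *s = (*s + rc) % P;
        }
        let first = if full { 0 } else { WIDTH - 1 }; // partial round: last element only
        for s in state[first..].iter_mut() { *s = sbox(*s); sboxes += 1; }
        let prev = *state;
        for i in 0..WIDTH {
            state[i] = (0..WIDTH).fold(0, |acc, j| (acc + m[i][j] * prev[j]) % P);
        }
    }
    sboxes
}

fn main() {
    let mut state = [1u64; WIDTH];
    let sboxes = permute(&mut state);
    println!("S-boxes: {}, state: {:?}", sboxes, state);
}
```

The partial rounds are where the design saves work: only one S-box per round is evaluated, while the dense MDS multiplication still mixes every element in every round.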