Skip to main content

Module poseidon

Module poseidon 

Source
Expand description

Poseidon-based Merkle hashing on the BN254 scalar field (Fr).

Lifted verbatim from orchard-bn254’s poseidon_merkle_bn254 (the merkle-tree parts only), re-sourced to the standalone crates halo2_poseidon (Poseidon primitives) and halo2curves (BN254 Fr) so it carries no halo2_proofs / halo2_gadgets dependency. The Poseidon spec/constants are byte-identical to the prover + on-chain PoseidonT3 (verified against the live commitment-tree root).

Structs§

Bn254IncrementalMerkleTree
Append-only incremental Merkle tree of fixed depth MERKLE_DEPTH_EVM (32) over BN254 scalar leaves. Empty leaves default to Fr::ZERO.
Bn254PoseidonMerkleSpec
Poseidon-128, width 3, rate 2, x^5 S-box; Grain-generated constants for BN254 Fr.

Constants§

MERKLE_DEPTH_EVM
Orchard-compatible depth for the incremental note commitment tree.

Functions§

merkle_compress
One Merkle layer: H(level || left || right) with domain separation on level.
merkle_root
Full Merkle root (depth MERKLE_DEPTH_EVM) over Fr leaves from a sibling path.
poseidon_domain_pair
Poseidon(domain, a, b) over ConstantLength<3> — the width-3 two-input hash with a u64 domain tag. Byte-identical to the prover’s poseidon_merkle_bn254::poseidon2 and to merkle_compress when domain == level. Used for the frozen Indexed MT, whose node domains exceed the u8 range of merkle_compress.