semaphore_rs/field.rs
1use ruint::{aliases::U256, uint};
2use semaphore_rs_utils::keccak256;
3
4/// An element of the BN254 scalar field Fr.
5///
6/// Represented as a big-endian byte vector without Montgomery reduction.
7// TODO: Make sure value is always reduced.
8pub type Field = U256;
9
10// See <https://docs.rs/ark-bn254/latest/ark_bn254>
11pub const MODULUS: Field =
12 uint!(21888242871839275222246405745257275088548364400416034343698204186575808495617_U256);
13
14/// Hash arbitrary data to a field element.
15///
16/// This is used to create `signal_hash` and `external_nullifier_hash`.
17#[must_use]
18#[allow(clippy::module_name_repetitions)]
19#[allow(clippy::missing_panics_doc)]
20pub fn hash_to_field(data: &[u8]) -> Field {
21 // Never panics because the target uint is large enough.
22 let n = U256::try_from_be_slice(&keccak256(data)).unwrap();
23 // Shift right one byte to make it fit in the field
24 n >> 8
25}