Closed pierreuu closed 5 months ago
The hash function to be used in a circuit powered by plonky2 shouldn't be selected solely for its performance. Monolith, like most recent algebraic-friendly hash functions, suffers from a lack of deep cryptanalysis effort that older primitives like Poseidon have.
If you want to use Monolith for your own applications, feel free to do so, but it is not the purpose of the plonky2 library to support an arbitrary set of hash functions, unless one can make a strong case in their favor (of which, performance isn't enough).
If you are looking for a generic-enough toolkit supporting different hash functions (including Monolith), I'd suggest you look at Plonky3.
The performance of the Poseidon hash is a bottleneck in the prove phase. Monolith is much faster than Poseidon, according to the paper's analysis.