HarryR
commented
5 years ago This is the Preneel one-way compression function using the MiMC keyed permutation, to turn it into a hash rather than a cipher.
See: https://en.wikipedia.org/wiki/One-way_compression_function
arnaucube
In the MiMC_hash.sol line 27, is doing
r = ( r + in_x[i] ) + hash(in_x[i], r) mod q. Looking to the MiMC paper https://eprint.iacr.org/2016/492.pdf at page 5 seems that is doingr = r + hash(in_x[i], r) mod q. Why is the implementation adding( r + in_x[i] )to the output of the hash in each iteration of the loop? I don't know if I'm missing/missunderstanding something