HarryR / ethsnarks

A toolkit for viable zk-SNARKS on Ethereum, Web, Mobile and Desktop
GNU Lesser General Public License v3.0

Use Keccak256 for derived constants instead of SHA256 #90

Closed: HarryR closed 5 years ago

HarryR commented 5 years ago

Use implementation from: https://github.com/coruus/keccak-tiny

This will make any on-chain implementation moderately faster where the contract is required to derive a sequence of constants, e.g. when hashing data using MiMC.

HarryR commented 5 years ago

The circomlib project uses sha3 for MiMC constants: https://github.com/iden3/circomlib/blob/master/src/mimc7.js#L17

HarryR commented 5 years ago

Another library is: https://github.com/rhash/RHash/blob/master/librhash/sha3.h

HarryR commented 5 years ago

Implemented in https://github.com/HarryR/ethsnarks/pull/105

The mimc_constants functions use Keccak256 (Ethereum compatible).

SHA3 support comes from https://github.com/HarryR/SHA3IUF