anoma / taiga

A framework for generalized shielded state transitions
https://anoma.net
GNU General Public License v3.0

Improve the temporary fix about the POSEIDON_TO_CURVE_INPUT_LEN in hash_to_curve #147

Closed XuyangSong closed 1 year ago

XuyangSong commented 1 year ago

After moving is_merkle_checked out of value base derivation, POSEIDON_TO_CURVE_INPUT_LEN would be three. But there is something wrong with the Poseidon hash gadget in Halo2 (probably a padding bug). Using MockProver is fine. But using create_proof results in a Synthesis Error. Temporary fix: add a dummy post string in POSEIDON_TO_FIELD_U_0_POSTFIX to extend the POSEIDON_TO_CURVE_INPUT_LEN to four. Fix it once the Poseidon hash gadget in Halo2 is fixed.

XuyangSong commented 1 year ago

I believe it's the same problem (a padding bug in the Poseidon hash from Halo2) as #169.