How were Poseidon parameters generated in Merkle tree's tests?

[niooss-ledger]

Hello,

While looking for some Poseidon parameters, I wanted to reproduce how the Poseidon parameters in src/merkle_tree/tests/test_utils.rs were generated. I tried using scripts from https://extgit.iaik.tugraz.at/krypto/hadeshash but they kept given different round constants. And the Pull Request which introduced the test (https://github.com/arkworks-rs/crypto-primitives/pull/60) did not explain the generation method.

Could you please document how the numbers in src/merkle_tree/tests/test_utils.rs were generated?

By the way, I also found a slight bug. The test is using the field type F = ark_ed_on_bls12_381::Fr; documented on https://docs.rs/ark-ed-on-bls12-381/0.4.0/ark_ed_on_bls12_381/ with:

r = 6554484396890773809930967563523245729705921265872317281365359162392183254199

But many parameters are above this value. For example the first one, 9478896780421655835758496955063136571251874317427585180076394551808670301829. Actually, the following code displays 2924412383530882025827529391539890841545953051555267898711035389416487047630 instead:

type F = ark_ed_on_bls12_381::Fr;
let value = F::from_str(
    "9478896780421655835758496955063136571251874317427585180076394551808670301829",
).unwrap();
println!("{value}");

So I guess the Poseidon parameters were not generated for the twisted Edwards curve whose base field is the scalar field of the curve BLS12-381. This makes it even more important to document how the parameters were generated and which prime number was used, as it was not 6554484396890773809930967563523245729705921265872317281365359162392183254199.

[Pratyush]

cc @weikengchen ?

[burdges]

Afaik you'd almost always want arity aka rate four in practice, not the two here, but that'll never work with the Merkle tree here