arkworks-rs / crypto-primitives

Interfaces and implementations of cryptographic primitives, along with R1CS constraints for them
https://www.arkworks.rs
Apache License 2.0

[BUG] Poseidon sponge is doing an incorrect extra permutation in Absorbing & Squeezing mode #151

Open pventuzelo opened 2 months ago

pventuzelo commented 2 months ago

While testing if https://github.com/arkworks-rs/crypto-primitives/issues/150 was fixed, we found this new bug last month.

One permutation too many when squeezing 0 elements under certain conditions.

Executive Summary

In the squeeze_native_field_elements function of the implementation of the Poseidon sponge, if num_elements == 0, then we are going to permute once too often if we are in Absorbing mode (whatever next_absorb_index is), or if we are in Squeezing mode, with next_squeeze_index == self.parameters.rate.

This permutation should not arrive. Since we are squeezing 0 elements, nothing should happen.

References

Poseidon Paper
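The control flow the issue describes, as an added illustration that is not the crate's own code: a minimal duplex-sponge state machine that only counts permutations (no field arithmetic), with the permute-before-checking order from the report and a guard that returns early when `num_elements == 0`. The `SpongeModel`, `Mode` and `fixed` flag are constructed names for this example.

```rust
// Added model (not arkworks code): tracks the sponge mode and how many
// times permute() ran, so the extra permutation for n == 0 is observable.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Mode {
    Absorbing { next_absorb_index: usize },
    Squeezing { next_squeeze_index: usize },
}

pub struct SpongeModel {
    pub rate: usize,
    pub mode: Mode,
    pub permutations: usize, // number of permute() calls so far
}

impl SpongeModel {
    pub fn new(rate: usize) -> Self {
        SpongeModel { rate, mode: Mode::Absorbing { next_absorb_index: 0 }, permutations: 0 }
    }

    fn permute(&mut self) {
        self.permutations += 1;
    }

    // Squeeze `n` elements. With `fixed == false` this mirrors the reported
    // flow: the permutation decision is made before looking at `n`.
    pub fn squeeze(&mut self, n: usize, fixed: bool) {
        if fixed && n == 0 {
            return; // squeezing nothing must not touch the state
        }
        let mut idx = match self.mode {
            Mode::Absorbing { .. } => { self.permute(); 0 }
            Mode::Squeezing { next_squeeze_index } => {
                if next_squeeze_index == self.rate { self.permute(); 0 } else { next_squeeze_index }
            }
        };
        let mut remaining = n;
        while remaining > 0 {
            if idx == self.rate { self.permute(); idx = 0; } // rate lane exhausted
            let take = remaining.min(self.rate - idx);
            idx += take;
            remaining -= take;
        }
        self.mode = Mode::Squeezing { next_squeeze_index: idx };
    }
}

// Permutations caused by squeezing zero elements from a fresh (Absorbing) sponge.
pub fn extra_permutations(rate: usize, fixed: bool) -> usize {
    let mut s = SpongeModel::new(rate);
    s.squeeze(0, fixed);
    s.permutations
}
```

With `fixed == false` a zero-length squeeze in Absorbing mode, or in Squeezing mode with `next_squeeze_index == rate`, still costs one permutation; with the guard it costs none.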

pventuzelo commented 2 months ago

This bug should be fixed in this PR: https://github.com/arkworks-rs/crypto-primitives/pull/148