arkworks-rs / crypto-primitives

Interfaces and implementations of cryptographic primitives, along with R1CS constraints for them
https://www.arkworks.rs
Apache License 2.0

Filecoin Poseidon/Neptune #91

Open weikengchen opened 2 years ago

weikengchen commented 2 years ago

Summary

Filecoin has an optimized implementation of Poseidon that has gone through an audit by ABDK Consulting (by Mikhail Vladimirov and Dmitry Khovratovich).

https://github.com/filecoin-project/neptune/blob/master/spec/poseidon_spec.pdf

It seems to include two changes: (1) treatment of the round constants and (2) the use of sparse MDS matrices.

Neptune is fortunately MIT/Apache2.

Problem Definition

It may be interesting to look at their implementation and see if it is compatible with the current implementation, and whether or not it can bring a performance improvement.

Proposal

Analyze the compatibility and decide whether or not to implement it.


tsunrise commented 2 years ago

Filecoin has a reference implementation here: https://github.com/filecoin-project/neptune/blob/master/src/poseidon.rs, though it does not have a sponge construction. They also support arbitrary rate & capacity. We can probably adapt some code from them.

burdges commented 2 years ago

We're okay with "sponges" that do not support converting from squeeze back into absorb giving runtime errors? I'd think runtime errors would be the only option for something like say a sponge that permits converting back to absorb only if two field elements remain unsqueezed.
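To make the mode-transition question above concrete, here is an added example (not arkworks or Neptune code) of a duplex-style sponge that tracks whether it is absorbing or squeezing and turns the "squeeze back to absorb" decision into a runtime error. The field, round constants, mixing matrix and permutation are constructed placeholders, not Poseidon parameters, and the rule "allow the switch only if at least two elements remain unsqueezed" is the hypothetical policy from the comment, not a rule the crate enforces.

```rust
// Added example: toy sponge with explicit absorb/squeeze mode tracking.
// Everything below is a constructed placeholder, NOT Poseidon or Neptune.

/// Modulus 2^61 - 1 (a Mersenne prime) so u128 intermediates never overflow.
const P: u64 = (1u64 << 61) - 1;
const WIDTH: usize = 4;
const ROUNDS: usize = 4;
/// Hypothetical policy: squeeze -> absorb is allowed only if this many
/// elements of the current rate block are still unsqueezed.
const MIN_UNSQUEEZED: usize = 2;

fn add(a: u64, b: u64) -> u64 { ((a as u128 + b as u128) % P as u128) as u64 }
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }

/// Toy permutation: add a round constant, x^5 S-box, dense mixing matrix.
/// Constants and matrix are made up for illustration only.
fn permute(state: &mut [u64; WIDTH]) {
    for r in 0..ROUNDS {
        for (i, s) in state.iter_mut().enumerate() {
            let rc = (r as u64 + 1) * 0x9e37_79b9 + i as u64 * 0x7f4a_7c15;
            let x = add(*s, rc % P);
            let x2 = mul(x, x);
            let x4 = mul(x2, x2);
            *s = mul(x4, x);
        }
        let old = *state;
        for i in 0..WIDTH {
            let mut acc = 0u64;
            for j in 0..WIDTH {
                // constructed matrix entry M[i][j] = i + 2j + 1
                acc = add(acc, mul((i + 2 * j + 1) as u64, old[j]));
            }
            state[i] = acc;
        }
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Mode {
    /// `pos` rate slots of the current block have received input.
    Absorbing { pos: usize },
    /// `pos` rate slots of the current block have been squeezed out.
    Squeezing { pos: usize },
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SpongeError {
    /// The rate must leave at least one capacity element.
    RateTooLarge { rate: usize, width: usize },
    /// Switching back to absorb was refused under the MIN_UNSQUEEZED policy.
    CannotReturnToAbsorb { remaining: usize },
}

pub struct Sponge { state: [u64; WIDTH], rate: usize, mode: Mode }

impl Sponge {
    pub fn new(rate: usize) -> Result<Self, SpongeError> {
        if rate == 0 || rate >= WIDTH {
            return Err(SpongeError::RateTooLarge { rate, width: WIDTH });
        }
        Ok(Sponge { state: [0; WIDTH], rate, mode: Mode::Absorbing { pos: 0 } })
    }

    pub fn mode(&self) -> Mode { self.mode }

    /// Add inputs into the rate part, permuting whenever a block fills up.
    pub fn absorb(&mut self, inputs: &[u64]) -> Result<(), SpongeError> {
        let mut pos = match self.mode {
            Mode::Absorbing { pos } => pos,
            Mode::Squeezing { pos } => {
                let remaining = self.rate - pos;
                if remaining < MIN_UNSQUEEZED {
                    return Err(SpongeError::CannotReturnToAbsorb { remaining });
                }
                pos // keep absorbing into the slots not yet squeezed
            }
        };
        for &x in inputs {
            if pos == self.rate { permute(&mut self.state); pos = 0; }
            self.state[pos] = add(self.state[pos], x % P);
            pos += 1;
        }
        self.mode = Mode::Absorbing { pos };
        Ok(())
    }

    /// Read `n` elements from the rate part; entering squeeze mode always
    /// commits pending input with one permutation call.
    pub fn squeeze(&mut self, n: usize) -> Vec<u64> {
        let mut pos = match self.mode {
            Mode::Absorbing { .. } => { permute(&mut self.state); 0 }
            Mode::Squeezing { pos } => pos,
        };
        let mut out = Vec::with_capacity(n);
        for _ in 0..n {
            if pos == self.rate { permute(&mut self.state); pos = 0; }
            out.push(self.state[pos]);
            pos += 1;
        }
        self.mode = Mode::Squeezing { pos };
        out
    }
}

/// One-shot hash: absorb `msg`, squeeze `out_len` elements.
pub fn hash(rate: usize, msg: &[u64], out_len: usize) -> Result<Vec<u64>, SpongeError> {
    let mut s = Sponge::new(rate)?;
    s.absorb(msg)?;
    Ok(s.squeeze(out_len))
}

fn main() {
    let mut s = Sponge::new(3).unwrap();
    s.absorb(&[1, 2, 3]).unwrap();
    let _ = s.squeeze(1);                          // 2 slots still unsqueezed
    println!("back to absorb: {:?}", s.absorb(&[4])); // Ok(())
    let _ = s.squeeze(3);                          // block exhausted
    println!("back to absorb: {:?}", s.absorb(&[5])); // Err(CannotReturnToAbsorb { remaining: 0 })
}
```

The point of the `Mode` enum is that the rule burdges describes cannot be checked by the type system when the caller decides at runtime how many elements to squeeze, so the only place to reject an illegal switch is inside `absorb`, and a `Result` is the honest signature for that.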