arkworks-rs / ivls

Implementation of incrementally verifiable ledger system
Apache License 2.0

IVLS uses Poseidon with hardcoded parameters that do not guarantee to be secure #1

Open weikengchen opened 3 years ago

weikengchen commented 3 years ago

This is the same as https://github.com/arkworks-rs/pcd/issues/1.

IVLS has two instantiations of Merkle trees, one via Poseidon, one via the Bowe-Hopwood variant of Pedersen. The problem with Poseidon, as the post above mentions, is that the parameter is hardcoded regardless of the curve and field. Sometimes, and in some situations, such parameters could be completely insecure.

This, therefore, means that the current repo is for benchmark purposes, and will wait for an upstream end-to-end implementation of a nice Poseidon sponge.

drewstone commented 3 years ago

How do the parameters differ when using the sponge construction? Do the MDS matrix and round constants change with sponges?

Otherwise, why not just generate a bunch of parameters using https://extgit.iaik.tugraz.at/krypto/hadeshash/-/tree/master/code and add them to another repo? Are these parameters compatible here for an arbitrary curve?

weikengchen commented 3 years ago

First let me link it to the main issue: https://github.com/arkworks-rs/crypto-primitives/issues/95

Basically, the constants will change depending on the curve or the application. And as you mention, we could either pre-generate a bunch of parameters for different curves inside arkworks, or let the developers specify their parameters.
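The field dependence raised in both comments above (a hardcoded Poseidon parameter set reused "regardless of the curve and field") can be made concrete with a small sanity check. The following is an added example written for this thread; it is not code from the ivls repository or from the Poseidon reference scripts. The matrix and round constants it uses are constructed toy values over small primes so the arithmetic can be followed by hand; the same checks apply unchanged to a real 255-bit scalar-field modulus. It tests two things that genuinely depend on the field: that every round constant is actually an element of GF(p), and that the linear layer is MDS over GF(p) (every square submatrix non-singular). The MDS property is necessary for Poseidon's security argument but not sufficient on its own; the further algebraic checks performed by the authors' scripts linked above are not reproduced here.

```python
# Added example, not part of arkworks-rs/ivls: field-aware sanity checks for
# a Poseidon parameter set. The same integers can form a valid MDS matrix over
# one prime field and a singular one over another, which is exactly why
# constants cannot be hardcoded independently of the field.
from itertools import combinations


def det_mod_p(rows, p):
    """Determinant of a square integer matrix over GF(p), via Gaussian elimination.

    Works for any prime p, including 255-bit moduli, since Python ints are unbounded.
    """
    m = [[x % p for x in row] for row in rows]
    n = len(m)
    det = 1
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col]), None)
        if pivot is None:
            return 0  # a zero column below the diagonal: singular
        if pivot != col:
            m[col], m[pivot] = m[pivot], m[col]
            det = -det  # row swap flips the sign
        det = det * m[col][col] % p
        inv = pow(m[col][col], p - 2, p)  # Fermat inverse; p must be prime
        for r in range(col + 1, n):
            f = m[r][col] * inv % p
            if f:
                for c in range(col, n):
                    m[r][c] = (m[r][c] - f * m[col][c]) % p
    return det % p


def is_mds(matrix, p):
    """True iff every square submatrix of `matrix` is non-singular over GF(p).

    This is the maximal-distance-separable property required of Poseidon's
    linear layer. It is necessary for the design's security argument, not
    sufficient: the reference scripts run additional algebraic checks.
    """
    n = len(matrix)
    for k in range(1, n + 1):
        for rs in combinations(range(n), k):
            for cs in combinations(range(n), k):
                sub = [[matrix[r][c] for c in cs] for r in rs]
                if det_mod_p(sub, p) == 0:
                    return False
    return True


def constants_fit_field(constants, p):
    """Round constants are field elements, so each must satisfy 0 <= c < p.

    A constant generated for a large field silently fails this over a smaller one.
    """
    return all(0 <= c < p for c in constants)


def check_params(mds, round_constants, p):
    """Summarise the findings for one (parameter set, field modulus) pairing."""
    return {
        "mds_ok": is_mds(mds, p),
        "constants_ok": constants_fit_field(round_constants, p),
    }


# Constructed toy parameters (NOT real Poseidon constants). Over the integers
# every minor of EXAMPLE_MDS is one of 1, 2, 3, 5, 6, so the matrix is MDS
# modulo any prime p >= 7 but singular in some minor modulo 2, 3 and 5.
EXAMPLE_MDS = [
    [1, 1, 1],
    [1, 2, 3],
    [1, 3, 6],
]
EXAMPLE_ROUND_CONSTANTS = [5, 12, 99]  # constructed; fine for p=101, not for p=7

if __name__ == "__main__":
    for p in (5, 7, 101):
        print(f"p={p}: {check_params(EXAMPLE_MDS, EXAMPLE_ROUND_CONSTANTS, p)}")
```

Running the block prints one line per modulus: the very same parameter set passes both checks over GF(101), loses the MDS property over GF(5) (the minor 1·6 − 1·1 = 5 vanishes), and has an out-of-range round constant over GF(7). A library that lets developers supply their own parameters, as the last comment suggests, would want to run checks of this kind against the field the parameters are actually used in.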