noir-lang / noir

Noir is a domain specific language for zero knowledge proofs
https://noir-lang.org
Apache License 2.0

Change sha256 and blake2s to return bytes #3

Closed kevaundray closed 3 years ago

kevaundray commented 3 years ago

Currently, sha256 and blake2s return two field elements named (low, high), where low/high contain the low/high 128-bit representation of the output respectively.

On the backend, we are packing the byte array. However, this is not needed and instead you can return the byte array and then if the user chooses to, you can pack the byte array into low and high.

Another reason why this is not good is because it implicitly assumes that the field that the constraint system is defined over cannot represent the entire output, which is true for bn254, but not in general.

kevaundray commented 3 years ago

The consequence is that instead of doing:

fn main(x : [5]u8, low : Field, high: pub Field) {

     // digest is the packed pair: digest[0] = low 128 bits, digest[1] = high 128 bits
     let digest = std::hash::blake2s(x);

     constrain digest[0] == low;
     constrain digest[1] == high;
}

You would do:

fn main(x : [5]u8, result : [32]u8) {

     let digest = std::hash::blake2s(x);
     constrain digest == result;
}
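
The following is an added example, not part of the issue thread or the Noir code base. It sketches in Python the (low, high) packing discussed above and shows why a 256-bit digest cannot be held in a single bn254 field element without aliasing. The big-endian limb order, the function names and the wider comparison field (2^521 - 1) are assumptions made for illustration.

```python
import hashlib

# Scalar field modulus of bn254 (a 254-bit prime), the field named in the issue.
BN254_R = 21888242871839275222246405745257275088548364400416034343698204186575808495617
# A wider prime field, used only for comparison (assumption, not from the issue).
WIDE_P = 2**521 - 1


def pack_low_high(digest: bytes):
    """Split a 32-byte digest into two 128-bit limbs (big-endian order assumed)."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte digest")
    high = int.from_bytes(digest[:16], "big")
    low = int.from_bytes(digest[16:], "big")
    return low, high


def unpack_low_high(low: int, high: int) -> bytes:
    """Inverse of pack_low_high; rejects limbs that exceed 128 bits."""
    if not (0 <= low < 2**128 and 0 <= high < 2**128):
        raise ValueError("limb out of 128-bit range")
    return high.to_bytes(16, "big") + low.to_bytes(16, "big")


def fits_in_field(data: bytes, modulus: int) -> bool:
    """True if the byte string, read as an integer, is a canonical field element."""
    return int.from_bytes(data, "big") < modulus


def to_field(data: bytes, modulus: int) -> int:
    """Reduce a byte string into the field, as a single-element packing would."""
    return int.from_bytes(data, "big") % modulus


def aliasing_pair(modulus: int):
    """Two distinct 32-byte strings that reduce to the same field element."""
    a = (5).to_bytes(32, "big")
    b = (5 + modulus).to_bytes(32, "big")  # fits in 32 bytes for a 254-bit modulus
    return a, b


if __name__ == "__main__":
    digest = hashlib.blake2s(bytes([1, 2, 3, 4, 5])).digest()  # constructed input
    low, high = pack_low_high(digest)
    print("round trip ok:", unpack_low_high(low, high) == digest)
    a, b = aliasing_pair(BN254_R)
    print("distinct bytes, same element:", a != b, to_field(a, BN254_R) == to_field(b, BN254_R))
```

Comparing the byte array directly, as in the second snippet of the issue, avoids both the field-size assumption and the need to agree on a limb order.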