Kilic's Poseidon hash implementation by default generates dummy constants if none are passed. Such dummy constants are generated from blake2s with a hardcoded seed. This means that if no constants (from, e.g., the reference implementation) are passed, hashes:
- will differ among different Poseidon hash implementations (including in the underlying ZK proof system);
- security properties might not necessarily hold anymore (see, for example, the "Avoiding Insecure Matrices" section of the Poseidon paper).
nwaku RLN-RELAY at the moment loads these dummy constants when compiled with Kilic's module, and the smart contract implemented in this repository uses such dummy constants.
When nwaku is compiled with zerokit RLN, instead, RLN-RELAY will use a Poseidon hash implementation that loads round constants aligned with the circomlib Poseidon implementation, in turn used to build the underlying RLN zk circuit in circom.
It follows that when nwaku switches to zerokit RLN as default, the round constants implemented here need to be updated with respect to the round constants implemented in circomlib.
Note that the Poseidon parameters for the constants hardcoded in circom are t=2, RF=8, RP=56 (in contrast to what is reported in 32/RLN), while Kilic's module uses t=3, RF=8, RP=57: it follows that the hash logic in the smart contract also needs to be updated.
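As an added illustration (not code from this issue, nwaku, zerokit, circomlib or Kilic's library): a generic Poseidon permutation in Python, parametrised by t, RF, RP, the round constants and the MDS matrix, so the two failure modes above can be reproduced. The seed-derived constants, the Cauchy MDS matrix and the zero-capacity padding are constructed for this example and do not reproduce any real library's constants or matrices; the point is that the same input hashed with a different constant set, or with t=2/RP=56 instead of t=3/RP=57, yields a different digest, which is exactly why the contract and the circuit must load the same parameters.

```python
import hashlib

# BN254 scalar field modulus, the field circomlib's Poseidon operates over.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def derive_constants(seed: bytes, count: int) -> list:
    """Derive `count` field elements from a seed with blake2s.

    Constructed for this example to illustrate seed-derived ("dummy")
    constants; it is NOT the derivation used by Kilic's module or any
    other real library.
    """
    out, ctr = [], 0
    while len(out) < count:
        h = hashlib.blake2s(seed + ctr.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(h, "big") % P)
        ctr += 1
    return out


def cauchy_mds(t: int) -> list:
    """Cauchy matrix M[i][j] = 1 / (x_i + y_j) with distinct x_i, y_j.

    Invertible over F_p; used here as a stand-in MDS matrix. Real
    implementations generate and vet their own matrices (see the
    "Avoiding Insecure Matrices" discussion in the Poseidon paper).
    """
    xs = list(range(t))
    ys = list(range(t, 2 * t))
    return [[pow(x + y, P - 2, P) for y in ys] for x in xs]


def poseidon_permutation(state, t, rf, rp, round_constants, mds):
    """Generic Poseidon permutation with the x^5 S-box.

    rf full rounds are split in half around rp partial rounds; a full
    round applies the S-box to every state element, a partial round
    only to the first one. Each round adds t constants and multiplies
    by the MDS matrix.
    """
    assert len(state) == t and len(round_constants) >= (rf + rp) * t
    state = list(state)
    half = rf // 2
    for r in range(rf + rp):
        state = [(s + round_constants[r * t + i]) % P for i, s in enumerate(state)]
        if r < half or r >= half + rp:
            state = [pow(s, 5, P) for s in state]
        else:
            state[0] = pow(state[0], 5, P)
        state = [sum(mds[i][j] * state[j] for j in range(t)) % P for i in range(t)]
    return state


def poseidon_hash(inputs, t, rf, rp, seed: bytes) -> int:
    """Hash t-1 field elements: state = [0, inputs...], permute, take state[0].

    The constants come from `seed`, so two parties that derive them from
    different seeds (or load different hardcoded tables) disagree.
    """
    assert len(inputs) == t - 1
    rc = derive_constants(seed, (rf + rp) * t)
    state = [0] + [x % P for x in inputs]
    return poseidon_permutation(state, t, rf, rp, rc, cauchy_mds(t))[0]


def constant_sets_agree(inputs, t, rf, rp, seed_a: bytes, seed_b: bytes) -> bool:
    """True iff both constant sets produce the same digest for `inputs`."""
    return poseidon_hash(inputs, t, rf, rp, seed_a) == poseidon_hash(inputs, t, rf, rp, seed_b)


if __name__ == "__main__":
    # Constructed sample: one message hashed under the two parameter sets named in the issue.
    msg = 123456789
    print("t=2,RP=56 seed A:", poseidon_hash([msg], 2, 8, 56, b"seed-A"))
    print("t=2,RP=56 seed B:", poseidon_hash([msg], 2, 8, 56, b"seed-B"))
    print("t=3,RP=57 seed A:", poseidon_hash([msg, 0], 3, 8, 57, b"seed-A"))
```

Running the script prints three different digests for the same message: changing only the constant seed changes the output, and changing (t, RP) changes it again even with the same seed. A contract that verifies membership against a circuit therefore has to load the circuit's own t, RF, RP, round constants and MDS matrix, not a set derived locally from some default seed.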
Acceptance criteria
- [x] Update round constants and hash logic to zerokit/circomlib Poseidon hash implementation
- [ ] Eventually update 32/RLN RFC in a separate issue