Table of Contents
Poseidon_rs is an implementation in Rust of the Poseidon family of hash function.
It is being developed in the context of the EIP 5988 which proposes to introduce a new precompiled contract implementing Poseidon hash function over finite fields in order to provide an improved interoperability between the EVM and ZK & Validity rollups.
It is a work in progress, do not use in production.
- EIP 5988: https://eips.ethereum.org/EIPS/eip-5988
- EIP 5988 discussion: https://ethereum-magicians.org/t/eip-5988-add-poseidon-hash-function-precompile/11772
- Poseidon paper: https://eips.ethereum.org/assets/eip-5988/papers/poseidon_paper.pdf
- Reference implementation: https://extgit.iaik.tugraz.at/krypto/hadeshash/-/tree/master/code
This section describes how a hash of a message
Poseidon uses the sponge/squeeze technique to hash a message with an arbitrary size into a fixed-size output (see Fig1).
The sponge has a state
A sponge supports 2 operations: it can either absorb field elements or squeeze elements out.
To absorb a message of
To squeeze elements out, the sponge returns all or a part of its outer state and applies the Poseidon-permutation to its state.
To hash a message, we first absorb it entirely and then squeeze the required number of elements out.
The inner state is opaque: inputs don't directly modify it and it is never part of outputs. It is essential for security.
Our implementation hash messages of length a multiple of the rate only. Supporting variable-length messages would require a sponge-compliant padding rule.
A Poseidon permutation behaves like a random permutation. To achieve this, it applies many rounds of simpler permutations. Rounds come in 2 flavours: the more secure full rounds and the more efficient partial rounds (see Fig3).
A round function consists of 3 transformations that modify the state:
- Ark: the round constants are added to the state.
- S-box: a substitution box,
$Sbox(x)=x^α$ , is applied with α chosen such that$gcd(α,p-1)=1$ . - Mix: the state is mixed through a multiplication by a
$t×t$ MDS matrix.
In a full round function, S-boxes are applied to the full state while a partial round function contains a single S-box. Detailed overviews of both functions are given in Fig4 and Fig5.
Hash's security depends on the selection of adequate round constants and MDS matrix. In turn, these constants depend on the finite field, the number of rounds, the rate and the capacity. This makes the Poseidon hash function family flexible, but one has to manage the parameters in some way.
Several propositions were made to overcome this difficulty in the context of EIP-5988, among them those proposed by vbuterin :
- Add an extra global execution context variable which stores which state sizes and round counts have been used before, and the MDS and RC values for those state sizes using some standard algorithm. When using a new (state size, round count), generate new values and charge extra gas for this.
- Generate parameters in real time.
- Pass parameters in as inputs.
As a first step, we have chosen the first approach. Different set of parameters including MDS matrix and the round constants are hard coded in the library, but one could extend it with other sets of parameters.
Parameters either pertains to the sponge construct or the permutation:
- Sponge:
- The rate and the capacity.
- Permutation:
- The finite field, completely specified by its size.
- The number of full and partial rounds.
- The round constants and the MDS matrix.
The following set of parameters are included in the library thus far:
- Starkware: https://github.com/starkware-industries/poseidon
- Mina: https://github.com/o1-labs/proof-systems/blob/ebe59f35f5cb6bb33fc0ed3c4cb5040d8cd81247/book/src/specs/poseidon.md
- Install Rust
To build poseidon from source:
cargo build --release
The build generates 2 librairies located in target/release
:
- libposeidon.rlib is the rust library file
- libposeidon.so is a shared-library wrapping the rust library with a C-interface
To test the rust library:
cargo test
Tests for the C-interface are also available through golang in the tests/go_tests folder. From that folder, one can run tests (making sure the shared-library is findable by the linker), for example:
LD_LIBRARY_PATH=$(pwd)/../../target/release:$LD_LIBRARY_PATH go test -v
Note that golang must be installed on your system to run the go_tests.
See the open issues for a list of proposed features (and known issues).
- Top Feature Requests (Add your votes using the 👍 reaction)
- Top Bugs (Add your votes using the 👍 reaction)
- Newest Bugs
Reach out to the maintainer at one of the following places:
- GitHub Discussions
- Contact options listed on this GitHub profile
If you want to say thank you or/and support active development of poseidon-rs:
- Add a GitHub Star to the project.
- Tweet about the poseidon-rs.
- Write interesting articles about the project on Dev.to, Medium or your personal blog.
Together, we can make poseidon-rs better!
First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.
Please read our contribution guidelines, and thank you for being involved!
For a full list of all authors and contributors, see the contributors page.
poseidon-rs follows good practices of security, but 100% security cannot be assured. poseidon-rs is provided "as is" without any warranty. Use at your own risk.
For more information and to report security issues, please refer to our security documentation.
This project is licensed under the MIT license.
See LICENSE for more information.
This implementation is inspired by earlier rust implementations. We would like to thank arnaudcube and neptune’s contributors.