-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(avm): full poseidon2 #9141
base: master
Are you sure you want to change the base?
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. Join @IlyasRidhuan and the rest of your teammates on Graphite |
32f661e
to
bcb9217
Compare
bcb9217
to
787b8ae
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM in general. Please address my comments.
@@ -44,4 +44,4 @@ typename Poseidon2<Params>::FF Poseidon2<Params>::hash_buffer(const std::vector< | |||
} | |||
|
|||
template class Poseidon2<Poseidon2Bn254ScalarFieldParams>; | |||
} // namespace bb::crypto |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: convention that we keep an empty line before end of namespace
|
||
// If poseidon perm is active, it must be either a mem op or immediate but not both | ||
sel_poseidon_perm * (1 - sel_poseidon_perm_mem_op + sel_poseidon_perm_immediate) = 0; | ||
// If inactive the mem op or immediate selectors must be 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"... the mem op or immediate" ... I think you meant "... the mem op and immediate"
pol commit sel_poseidon_perm_immediate; | ||
sel_poseidon_perm_immediate * (1 - sel_poseidon_perm_immediate) = 0; | ||
|
||
// If poseidon perm is active, it must be either a mem op or immediate but not both |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can actually replace both relations by a single one:
sel_poseidon_perm = sel_poseidon_perm_mem_op + sel_poseidon_perm_immediate
Then later #[skippable_if] becomes simply:
sel_poseidon_perm = 0
// Selector for if values are read from memory or already loaded in registers | ||
pol commit sel_poseidon_perm_mem_op; | ||
sel_poseidon_perm_mem_op * (1 - sel_poseidon_perm_mem_op) = 0; | ||
pol commit sel_poseidon_perm_immediate; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As there is no use of sel_poseidon_perm_immediate in this file, I would mention that the selector is used in poseidon2_full.pil
@@ -9,9 +9,20 @@ namespace poseidon2(256); | |||
// Selector is boolean | |||
sel_poseidon_perm * (1 - sel_poseidon_perm) = 0; | |||
|
|||
// Selector for if values are read from memory or already loaded in registers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you elaborate a bit more? This sentence is not super clear.
|
||
return current_state; | ||
std::array<FF, 4> AvmPoseidon2TraceBuilder::poseidon2_permutation(std::array<FF, 4> const& input, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: we try to establish the style "const type" rather than "type const"
{ | ||
using Poseidon2 = crypto::Poseidon2<crypto::Poseidon2Bn254ScalarFieldParams>; | ||
FF output = Poseidon2::hash(input); | ||
// 64 rounds of hashing should be enough (1 << 6 == 64) per full hash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe let us introduce a constant for this 64 and some explanations (related to sub clock, etc...)
const FF iv = (static_cast<uint256_t>(input.size()) << 64); | ||
std::array<FF, 4> input_array = { 0, 0, 0, iv }; | ||
|
||
size_t padded_size = input.size() % 3 == 0 ? input.size() : input.size() + (3 - input.size() % 3); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should do the job: const size_t padded_size = 3 * ((input.size()+2) / 3)
|
||
for (const auto& src : poseidon2_hash_trace) { | ||
size_t padded_size = | ||
src.input_length % 3 == 0 ? src.input_length : src.input_length + (3 - src.input_length % 3); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above
num_rounds_rem--; | ||
} | ||
// Careful - we assume here that the permutation events are in order | ||
std::advance(perm_event, 1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this equivalent to perm_event++ ?
787b8ae
to
a421532
Compare
Changes to public function bytecode sizes
🧾 Summary (100% most significant diffs)
Full diff report 👇
|
Changes to circuit sizes
🧾 Summary (100% most significant diffs)
Full diff report 👇
|
Poseidon2 implementation for internal use by the avm in bytecode hashing / address derivation etc