stdlib poseidon inconsistent with circom's #1162

Closed
1 task done
joss-aztec opened this issue Apr 17, 2023 · 7 comments · Fixed by #1176
Labels
bug Something isn't working

Comments

@joss-aztec
Contributor

joss-aztec commented Apr 17, 2023

Aim

Noir poseidon hash outputs should be consistent with those of circom's.

Expected behavior

Hashing the same inputs either with circomlib's implementation or noir's should produce the same result.

Bug

In noir the following expression evaluates to 2006158340318488760025443826385193554248487533762005435528482214650964641219

std::hash::poseidon::bn254::sponge([1, 2, 3, 4, 5])

In zkrepl the following component usage logs 6183221330272524995739186171720101788151706631170188140075976616310159254464

component hash = Poseidon(5);
hash.inputs[0] <== 1;
hash.inputs[1] <== 2;
hash.inputs[2] <== 3;
hash.inputs[3] <== 4;
hash.inputs[4] <== 5;
log("hash", hash.out);

To reproduce

  1. nargo execute the above noir snippet as the return expression of some circuit

Installation method

Compiled from source

Nargo version

nargo 0.3.2 (git version hash: 89e7936, is dirty: false)

@noir-lang/noir_wasm version

No response

@noir-lang/barretenberg version

No response

@noir-lang/aztec_backend version

No response

Additional context

No response

Submission Checklist

  • Once I hit submit, I will assign this issue to the Project Board with the appropriate tags.
@joss-aztec joss-aztec added the bug Something isn't working label Apr 17, 2023
@github-project-automation github-project-automation bot moved this to 📋 Backlog in Noir Apr 17, 2023
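
The mismatch reported above is between two different constructions over the Poseidon permutation, as ax0 explains further down the thread. The following Python is an added example, not code from the issue, Noir or circomlib: it builds both constructions over a constructed stand-in permutation (constants derived from SHA-256, the same round counts for every width), so its digests match neither library. The sponge's capacity position, lack of padding and squeeze index are assumptions.

```python
import hashlib

# BN254 scalar field modulus, as given in the Rust snippet later in the thread.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
# Round structure quoted in the thread for t=5; reused for every width here
# as a simplification (assumption).
FULL_ROUNDS, PARTIAL_ROUNDS, ALPHA = 8, 60, 5


def _const(label, *idx):
    """Constructed round constant (SHA-256 of a label). NOT a real Poseidon constant."""
    data = f"{label}:{':'.join(map(str, idx))}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


def toy_permutation(state):
    """Stand-in permutation with Poseidon's round shape: add constants, x^5 S-box, mix."""
    t = len(state)
    # Cauchy matrix 1/(x_i + y_j) with x_i = i, y_j = t + j (constructed, invertible).
    mds = [[pow(i + t + j, -1, P) for j in range(t)] for i in range(t)]
    half = FULL_ROUNDS // 2
    state = [x % P for x in state]
    for r in range(FULL_ROUNDS + PARTIAL_ROUNDS):
        state = [(x + _const("ark", t, r, i)) % P for i, x in enumerate(state)]
        full = r < half or r >= half + PARTIAL_ROUNDS
        # Full rounds apply the S-box everywhere, partial rounds only to element 0.
        state = [pow(x, ALPHA, P) if (full or i == 0) else x
                 for i, x in enumerate(state)]
        state = [sum(m * x for m, x in zip(row, state)) % P for row in mds]
    return state


def fixed_width_hash(inputs):
    """Construction the thread attributes to circom's Poseidon(N): one permutation
    of width N+1 on [0, inputs...], output = first component.
    Returns (digest, widths of the permutation calls made)."""
    if not inputs:
        raise ValueError("need at least one input")
    state = toy_permutation([0] + list(inputs))
    return state[0], [len(state)]


def sponge_hash(inputs, width=5, rate=4):
    """Generic sponge over a fixed-width permutation (t=5, r=4 as in the thread).
    Assumptions: capacity element first, no padding, squeeze first rate element.
    Returns (digest, widths of the permutation calls made)."""
    if not inputs:
        raise ValueError("need at least one input")
    cap = width - rate
    state, widths = [0] * width, []
    for off in range(0, len(inputs), rate):
        # Absorb up to `rate` elements into the rate part, then permute.
        for i, x in enumerate(inputs[off:off + rate]):
            state[cap + i] = (state[cap + i] + x) % P
        state = toy_permutation(state)
        widths.append(width)
    return state[cap], widths


def compare(inputs):
    """Run both constructions on the same inputs and report how they differ."""
    f_digest, f_widths = fixed_width_hash(inputs)
    s_digest, s_widths = sponge_hash(inputs)
    return {
        "fixed": f_digest,
        "sponge": s_digest,
        "fixed_widths": f_widths,
        "sponge_widths": s_widths,
        "match": f_digest == s_digest,
    }


if __name__ == "__main__":
    for sample in ([1, 2, 3, 4, 5], [1, 2, 3, 4, 5, 6, 7]):  # inputs from the issue
        result = compare(sample)
        print(sample, "fixed widths", result["fixed_widths"],
              "sponge widths", result["sponge_widths"], "match:", result["match"])
```

For the issue's five inputs the fixed-width construction makes one width-6 permutation call while the sponge makes two width-5 calls, so the two cannot be expected to agree even with identical constants.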
@joss-aztec
Contributor Author

Observation: The integration test noir/crates/nargo/tests/test_data/poseidonsponge_x5_254 expects the hash of [1,2,3,4,5,6,7] to be 0x080ae1669d62f0197190573d4a325bfb8d8fc201ce3127cbac0c47a7ac81ac48 whereas the equivalent circom gives 0x1c2f3482dbb140c4ebb9ada49abdbc374a9a85fcfc6533ec2e9df45b4921c318.

@joss-aztec
Contributor Author

Looping in @ax0.

@joss-aztec
Contributor Author

@ax0, was the expected value used in the poseidonsponge_x5_254 test calculated using some reference implementation?

@kevaundray
Contributor

kevaundray commented Apr 17, 2023

> Observation: The integration test noir/crates/nargo/tests/test_data/poseidonsponge_x5_254 expects the hash of [1,2,3,4,5,6,7] to be 0x080ae1669d62f0197190573d4a325bfb8d8fc201ce3127cbac0c47a7ac81ac48 whereas the equivalent circom gives 0x1c2f3482dbb140c4ebb9ada49abdbc374a9a85fcfc6533ec2e9df45b4921c318.

That integration test is failing I think -- can you check what actually gets printed out when the program is executed? It's possible that it is 0x1c2f3482dbb140c4ebb9ada49abdbc374a9a85fcfc6533ec2e9df45b4921c318 and we may just have the wrong value in the Prover.toml

@joss-aztec
Contributor Author

println yields an entirely different value... :-/
0x103024a4d2c1fe3ad3bf09dd9bde3c7bac29f01dfe11320b3abc89733e64cfeb

(Aside: I had to comment out the unoptimised poseidon to get my computer to execute in reasonable time)

@ax0
Contributor

ax0 commented Apr 18, 2023

Hi @joss-aztec. Thanks for looping me in!

So you are right that std::hash::poseidon::bn254::sponge does not agree with Circom's Poseidon(N), which is not a sponge at all, but actually a single iteration of the absorption phase associated with an (N+1)-element Poseidon permutation with initial (N+1)-dimensional state [0, ..., 0] and capacity c = 1 (here this amounts to tacking a 0 onto the front of the array before applying the permutation), which is then projected onto the first component, so your first Circom example is actually the following computation:

[1,2,3,4,5]
==add to 'rate part' of initial state==> [0,1,2,3,4,5]
==Poseidon permutation on 6 elements==> [6183221330272524995739186171720101788151706631170188140075976616310159254464, _, _, _, _, _]
==projection==> 6183221330272524995739186171720101788151706631170188140075976616310159254464

In our implementation, we can check this result as follows:

constrain std::hash::poseidon::bn254::perm::x5_6([0,1,2,3,4,5])[0] == 6183221330272524995739186171720101788151706631170188140075976616310159254464;

Your second example would then read:

constrain std::hash::poseidon::bn254::perm::x5_8([0,1,2,3,4,5,6,7])[0] == 0x1c2f3482dbb140c4ebb9ada49abdbc374a9a85fcfc6533ec2e9df45b4921c318;

The std::hash::poseidon::bn254::sponge function is based on a Poseidon permutation on 5 elements as suggested in the second bullet point of §3 of the paper, and it agrees with the Arkworks implementation with the appropriate parameters as may be checked with the following rough-and-ready code:

// BN254 Poseidon sponge test with t=5, r=4.

use ark_crypto_primitives::sponge::CryptographicSponge;
use ark_crypto_primitives::sponge::poseidon;
use ark_ff::fields::Fp256;
use ark_ff::{MontBackend, MontConfig};
use std::str::FromStr;

const FULL_ROUNDS: usize = 8;
const PARTIAL_ROUNDS: usize = 60;
const ALPHA: u64 = 5;
const WIDTH: usize = 5;
const RATE: usize = 4;

#[derive(MontConfig)]
#[modulus = "21888242871839275222246405745257275088548364400416034343698204186575808495617"]
#[generator = "7"]
pub struct FrBackend;

type FrConfig = MontBackend<FrBackend, 4>;
pub type Fr = Fp256<FrConfig>;

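/// Splits a flat vector into rows of WIDTH elements.
fn vec_to_matrix<T>(v: Vec<T>) -> Vec<Vec<T>> {
    assert_eq!(v.len() % WIDTH, 0);

    v.into_iter().fold(vec![vec![]], |mut vs, y| {
        let l = vs.len() - 1;
        if vs[l].len() < WIDTH {
            // The current row still has room.
            vs[l].push(y);
        } else {
            // The current row is full: start a new one.
            vs.push(vec![y]);
        }
        vs
    })
}

/// Parses a matrix of decimal strings into field elements.
fn str_to_field_matrix(m: Vec<Vec<&str>>) -> Vec<Vec<Fr>> {
    m.into_iter()
        .map(|v| v.into_iter().map(|x| Fr::from_str(x).unwrap()).collect())
        .collect()
}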

fn main()
{
    let ark_string = vec!["6652655389322448471317061533546982911992554640679550674058582942754771150993","2411464732857349694082092299330329691469354396507353145272547491824343787723","21491443688002139478732659842894153142870918973450440713149176834049574486740","20196926676989483530222124573030747187074792043523478381149800153065505592963","12986278951352369831003505493892366673723882190521699331613883287145355738793","21126146258242782643168619000295062005037298340836817770565977031890883232034","15509665795506578582538177431401381655815033647735781734613703976071034655246","6989769181472743404364681671283889685042701491627165526899522083327752110839","7062179885254277466334896166987547257487047183881628199983668518000910197987","13842521112365108087725039904948872289730786568469683976372377853164252494752","3830559505943186272618534143266118508463381443414165428900505002474439179836","17704863473432653834041116667846189591617394753001613253930974854399793083900","875580502229441633079974792778818749112423694973231971690365132230865385439","1971134273535892826573832061354985059300866001765691176219451252512658771248","4865738840363990164915013008693722144676933915103280504727326977328013515878","1148603338028060679975883868174895825055359423662532941509525326937127571764","17506086433923270253695698017062834613463718526046463655503742220257039588796","21580033018107258179208198773211859664893072138803756118939260252922297665067","15411900706973212043830142913959920716501447427702082030760032355626616412240","12219699506725448409610279620972339448030565224304464695714944121760832152291","4525719544192047521328360848269156485222470829314314216955024799558286708479","19667371373588322336224317159113441765198420040800065314868656839300028747331","18916925604689704279265158984702141998345424765142129953154245912230835240445","12789343981741773931665143789673052782408749041041266509485929045869073416222","3094428508959717445577232225505810354980663487713729230015754183
012845687401","18544590634480965569098056786078005630500574069468005220462377474861119476492","20990087440247450018723844204951613913840993427110495085701200965767234569705","17552251989761134508416634118845221324472178264364440017634233349418103869223","21000797802575507763447855752602183842956182733750968489641741136166640639409","19292751508591545849778577901067988044973302547209758604667395356943370737868","18314088316445539319869442180584299715533304874169767778761887632882728399870","15003745150856597539000559910957155642193629735521291045949652201905498569732","7839443900003691950104175747634267110464104444913379977500178134209666299140","13568305490393393394812598233983935295266242465548739772708079888867621061127","6453005227995051361096639028742707098785560656441339640433794156400437698140","1420171596348195609536167209221442141824294918625468780931400849866478645240","8347329128252205996443084339884155586061343024498283583400215109265013719709","7893774494551056447960817286805128884970061671041428326788899872964096959040","8970476243368194065341537088653900235777512204874037182428362347342487241690","239049405935404678508864874854718951364753739466303321590415544572014148257","15772878921699764223771017074289335629553777447709755479885293350677783703695","5416082112919155131434995906647355834510201879607888732259087164602171650389","4384524908062410354304345761652962203632712291085564157560146286207296352050","4210984612917608245844011498198864216639269565627982123611519493203177283139","18816442907032290878644773027005263628136050677095986565400687355912498966559","21443510232279945782338486087712914668515437675585863788610958361560172084515","3234314779308300525339049581669531363375743827111579883853941968586490182859","11029499234949696730080035941750777601416171837281021031653841244636590396063","11145210633226924132308292113124660576759662647204939721872338908644906571564","4583160563963432761409369246361117506465307518522062239686649163525543782173"
,"9813992026757562966842771727657080117609486122615087352428596024939855084450","10084171857039480706430282187972782725948479260179367780776125786119489581409","3874212709197875589640151274548083098712939093643165182881681226579903752816","21595542491397091124739711708612983479307589335640792812157875295064235960610","2068530815441314105493629066002923150651375034543842424822712297257260726954","2673459852071215292298131389250564595426361004231758522146794940265552265806","8591046256746588406353455230465605224309754008961178558834659065898923355164","1020055192431352394776887540248098706183934464205704158014904833376067287118","11085709480582865378042656141271006552092494690130782253913953070642865919312","5673844083530503489429922596812992664928167369104420134641855283771127716005","10492199162275168254265892158402955076490959375050993042712629236807564461542","2280843393156259739329331366624245275580688891778782679394848304764573859886","6807797027131305026345508953353882265754363485246407959111359919046340709440","12692191384043938397944633973317584101723715998700063415107128429315536223446","19818676957110967644349139912613239435706480354664804036688552936554140369382","18055602608192644695569077694296748842203151828348990995792087204755925787339","20934555391215769430553078793246717148484784880715746179415906355043590089450","11420705181439111353998210442417752592951340005396931802449360401461783159557","19878854521263746227125001670931867821366047088989510542865511663910116386085","8568201846715449867087132677683368912214864824182424933182820310911278496552","19198701614488576617610339232794062430644024620523684127268879880793305460015","15262122764244854433806270478871594904740306012582364033343126589996733802868","6412758421155818207287638337822550233376667015263373809976157264137577776202","17371585001641430978766734501830788427263945848682170096055857509304472649262","20262970042379497707724791203314262108784948621691331141565359315001027736581","385975044
7119748295302212198327542106766447958113540005985799287718502362717","1172269945800307665458943534144481495673510885455899148864236015097947176746","8164247467959680477306326470118519335673181279975551434197731340070491876250","4513977811114181395323888111232002391599397736872779927267726121435887238972","1075250595927474080680862736233039825365918646878264905022213616210377518447","18658420120424372681792175914064174056413842231969276203770574969914576681364","17769673440848360838244654765103041739044212539359630263894092078288342647801","4319086204044362848967484441065231939136453667264715596505827197873119273506","11221173270629292820060668122527062274557317856738971635698169204652845111606","8635411372759272135249379415383299350267629947167809163276219879514948820576","926977621651476360285369760355547766944001783780761167546467658394097283069","17702143780592866375901805387463459229828093905183622296234691441436877570082","629612289140842594504574984021125242351317893847688437087866691775821981724","19990548577495092294245865870717186004301934545721835081514347926537975465539","7124830628609719908679298707909792306162298058570958688501370177898647946696","14620227791860703231425817538142948793892390269806790476396226159679984968174","18495581997440241868332244230687799183899751339442721677540757155760745277888","16922065056093401385376103551657968760602009001905886435813054626317776258714","9969610601962874779035054685661667941954971427956866645694064022029705170229","15281641269114187762159685323068136816556739502211864119670902056596295644116","12114994625438879103001132949163961965524612903017200394727056658298824651596","4840986177718281128440833017205097196672382395936939379498412745183060615212","12847307562796769659308999092658905656250954898192781948610713494470441775991","20290096217351155282642224215178246911041509999959311313223857240001143893317","16151664509646153154405691138084115125600386733136285504828908979176781265710","13848845391482751436287
906247470303487958950799995701248612703022979890932133","6335716166231441585596963683321661194889815181545222079376536449814718259931","1824302750039354704619545544386637317858342555634601563660279997221547953768","11327469654081586239268713126961534952233559223228327222485848924908493444712","10077703415170135154603829433031861799853903739210136452726077323833067256620","16368073884579385814331927334821006319227867093692644942500207970751483237405","10621580796499573269115131164341885791299038227955222944695715163010783205295","2099241376651019397894434242565225315652133572870234550073686122343103853816","17104632243449417396641550271977294699471083572885397875525767745512335891599","1935453754847256492223646005402770357836971113012418013930273797463411526183","7492761611332930896292052363224494314920390056637668407353957465667515477934","16836705924460095689555600825174696605443212968244843485187771119291716736958","16995495500678141665340056658079449793587669420913589967848082091551329904176","16097379973857697753436437302681608056543122759719328497348770844548177814262","17476569537128329379528694049566216604638194592812108658767104922628767500420","17997217989870184804787026924935938133194070033518938653831611194683423549591","17573343771046232580761295935281170028624495346579002725814597714902588657750","2450087639204541254902859018960918562514681200270997307467560465282168310665","17288084325555056222618040923753050382954155896826087372317882602328092535440","21837047676579063581498107773514419735425738753079336764356909012851439336687","370061273472837873736743292149368449614309676635341873070086681342317566380","420725183996224279379885018872359102189091670793820517618337092091910692771","4966571645678139143731798992823327185758562224229132271884647901363447388530","5039558223429273757296118284876763395391635773837549121798873235133698166026","14663152729953724779401067486012084029581847325524052152795817923033297673686","72010404565905758099602140339594964
17566605177095808543357813677845263237276","16872945504528960415453618286121813996587432836152082188694652370255998768595","4914824783780909279212078186433590922437371437384817332713271291839616026466","17503018483514413315464207189113334433424965178631599286655188843769810245465","4087750571011463387872022799241315348852213278729592692674275176152296405923","4006961923780091252337105595934918049936238157468198971234322013673884171131","4481908842184366902145805444001507554481032302978790080019710161108326487967","13532316826436461968093937893872910736305115143550039673102602344678825540956","11602986656925867325907196773754426955346837006705269228226729102186031417465","15306992574062791537454541745213815567999895856471097922112648012979731636068","4497571735611504561173050536899411999551839050319538712220770383407135602945","2571242673174714867278075260451133687893879636121064640779554188161591611843","7070272070524747733177730083966686149849667613589868731851816020060781720851","1308310289745495626002351437755820460104812708071634598163946330870933261232","9483468192990391193401121929514821570714432121414330663623018046165053411090","7317568349845215930675847155716598288688799068821709820024570206796617676748","1918505733423704616434273602054555051755671749253598966287072464475922854850","15158168161084905689406532256983805923258003804476527617207287404280855731962","6855540174355511438343304861678411868002455139032857270673849263857877330771","5989863238360846166935911112885654223487221280254816980802479355446167746774","20283337058688740322296928691341300752003492063748410749625272920572074851396","18957132189629332408653055312790838576277703952267542471751593810468444454136","15764518568966520670995753676429154315765754748131847346608706222194564055358","7192524197002826721654253762628934164676539329903087107420445743247046038858","142950766663597487919643890566358241353679421113406309294925836697585309311","1501226216818768968057295897861020485660023563591607
4406168861726626292993057","20795666834671497603181209610179324236645779324677512349797033323222380300794","12650341271833683789775531792948185319868795529390391267833516836256688318306","5597700232877580665749288204589530549415282468176625525368428476461504532052","20949303924691159143653175365242293984396858344688574262804199947001630916385","10746523145835332938672833282581864816136388045771578294905302886974358762209","4998982766221590779170630035756820066555357949247521575936385387288356143784","6936999580131731861735955554005106460473097800566952971315565150681540640020","6670695360676548472482680016233507548657051302712214051977034166870814430578","12210816592786563975173850937247594401582085430897698766795696447223454826466","14933901149105284237676334791785996160108290333321693498322435129559137152007","3848529433916624869590379003597911090976938589461403388133685310398004369431","12778805225074604003024964969486878839359935515509480774809299341511161183802","3288267180428684202786697419666969564766921974531343432588030535602163038467","1272672432174256751826350693883913844502039730140570583479554071765667798207","21130828804874452930669244946376257892693846272313548250936991077452679117587","21254559353072473881932828401787134230282801383134765683324465204971002861493","4116075860631781527931204624078712926526805345818156200756399332393348685924","17435888597009729827411190999389277840088354756277916760187756022854497211746","15837398163415665169712832984380121382150588321621493928953938599666110830812","17988638446757562417082379159769772097890681265659458369075768452342579854303","8144561030363576879343874888624208577604401139613622673042754207987577727758","20020299925602421262203305284307419339160247406220693128040712457114283033661","2945951415037890626891130390523013930737768652394758977777336357159436605764","1505954324723537402640844232704189835623922400329086438898375859826553573763","118515844917563051174913745818455120677040020728337141192841645
14457248861803","14471204965036278214508938537949717553799007630471016532866101610339050785912","7163557293233604902868673807221391042191134560333950452577270522828534690707","17291625782465108601367695465389799786592304061550212130987221355832952230827","10240907112109243116543462081552827576656826251172050843989873656917271396422","20702261919346727858635106264046787321170414155594199951578791234276181642650","16678253307828004252292273162411388452019952018258857370242272543091326285541","19810917631941180098047817620026253706643400683524412974923209268916769874447","3357220165225360610202375608872621445880880830154732998557832689480921421791","4392285438534542495332422274902727975330102148971785438164412161504066619105","14642025133729666610167675086855441462580619607677226879159952689184960379911","18142623439987890999821892559271093087005885278955082040377769578204898750505","11769399023330099592616157336702104329646487200891911089287290893650532639221","7261353756299584174448625214367175510387913706095214313669922259027644778060","10406994568199070863112470594593301582798997458844791396920771226539013327304","7475277967562870216712397220016587384793504784585573136176313471517144184018","9598064630327104406929367986473441777975480987434868213697837347643980267620","21137410002545951849752865514437404724653771608225272412595423069852350320648","12345612867231779996383303763804719815752861524077922121654106906093103051400","16461750199070055335468534730937701659470268635084522644824623393184528879703","7829250842543018165409887731515254191943527926556191989558018633300783421935","19801151644322693878208767560968285812646931156576102755771403150148125880648","808770634664491371274943928223981161442027957963181999892266696287962813461","2298122748772261447929855283951027113218922003687701626762072351622993276571","17407798064458858450209051887305178872029674498718760624162479511390762310526","1858556227746456254166658272036657386333461881790806261292386165814491859
5030","733976598693219656339731904831283238690050114241501938501377743874139460889","11316063986696838098122262534148335669847478050407756877728672233736962269417","17614529714381496379478130066245111825610297227468263851608027100133421612826","12110694197729365219340374599835523099651939156213930558791147158357810646901","4337343008663255658976574468931581484970687989356019720784093082313510905405","1379188959674402095268172673987199124815512095460112504778179157481327937561","3116148242507754420428768481157196067508084836097458698846114802493377512591","13306507137873332434793374848948087993544118494881134631519748904811343155566","18496878480807017010077624766326681523549495609998881196570603040242554712562","3940126764022508707486095199473913866137718790062498893812401335738707507732","10030078765792498033316282784150304209584388923549357286679864120250994473810","18519871685760382462428068450331593474924737719734568498029727699878543899254","12599428893576891013523136950822667754415283296587096197120138265392279834128","16038578953099895530943034305356008247313649524436132877362941968861459073483","14319233878082524834510736727226054073026413911339853399113450188859080424272","13710161613540579690732775978855380876556751245265568031703536595040993113748","14958726446649273856607176275240008023824615720456760403465034344703779274727","20935428111942360630758629263346308597806819928838924586682307174931367773605","5826394436548487315966647466017047216786257295199620110266250301500717796281","31401797997389676486806123612280306684597605608110075525648021056710776011","10784171495708237485952707518956314344821522727746927291389338644844400581452","11604345371765580191117799693565193618158448665352599382713281103552305960442","1378145039624937931836538950217364481423707761527018494355648047365613434790","10284294167221806561993937798090888689421933711157676807977401896199778472860","8233695574758520342808807499924062869636681352769371531557726871630696672029","65705
81391072134029876349038190171593169496519436674767949949730275868319732","4026501263908027819614805027945064360196399012004574117767831931274788631138","21091098569404004244061462065218203986433580687172854429523306262593782053656","20711772916118045406356429185975897495222240215931761100801599257137350834799","3165519312799351250309462589160165591299333587158531489859211268084164422251","16470663723473939739601217501478624726068461799539012562455639586886033078064","15672299304945968727435591100602007503785845873606917887638890765525875123857","21393538327627889838198844493522533627143658125568123117776524944297103649079","7688819203734248199049004650451546300187194458173935784579101984183800649342","6609663518412297884695057080546416278366560290439222127471462938252865438638","3476303650597281786976907813110835564442121684386467570637538230409080744769","20633582549754495054832414039299188930065286005370053173386561254823483851717","18067076834611402459142612082327591538480657933568191619109271502102126814407","157209609820117793892254328219308970217366919934739036156851508233236414461","1848396116513925340973398423998379465460554039715233953825786874352442451413","188642786730195655565401615804782553245486295156304142809552609651873793325","540089254487190924787439362270708251103955915909358626209177199653451469720","12796274768956950589847157187031845061404119522843128177103898080653493269942","1785666356337148874573621868025910291826158842346617719666738769156993598966","20649919247042517528354490854561347316237285929352042389729444382153378749538","9568390566108569727471722677925269460696523515877621230569682954652430518787","8590683334740232786825518158771304803451657249486419816607179533515442407283","9321198393538172042803957409292145345834077448228642847843261373640165958582","3651905214805616378360839954289447530035139753215923648216350128870943481828","1324345422558073117779462079218851558068746895262914344818945294328678893083","666636389515443402162086
9731925915051086919707989020578203743660669796175288","9850757893972463103359995012900314323213006625927501272997539940766979170137","10214293226445704940138790188111862069675188797488928722469679760666574484266","16862124085118494177559484642483513597285992646267864845521573612482278871023","9172340118369291059693735314505606817316211450324955429310200429408035954801","1968992755714619414656181112336357119271845800144345284299978250769356388249","17192498940296212027365280042755701662136570107224000496521552617655679821443","10063385968535643122430064779260670089120686456635080613693015398478175344193","20101961459945738562625328882763768836449780661345042148985756598106706734632","12704305975772252539534386080950631076046431529894091327218544197389260775334","3008242816727585639441748210631464697850194693570485141354082562181236010097","7797705698071555811456747812384107102104184812467361013142453143842134807658","19323240331433203844038522035479659453946066968727795017745942269828428751105","1698137797127320576751729191866734754105401103859852376273763815257758421427","17656850887825900397821271738817912328294075224643535784810269137125067875996","20755447986835730799031196367323817361150623932048563112034040627213597261325","6221130271964372280138992636208062417325313096379273438539556580491430711297","11042709376363248213366896208587241517252100440844476816212498352999929578287","987361321094619571176752720390429919723900732295551211263814448408232028205","15077982986114392945859048373768437818569856001604485167476360943078774679228","6278894644165961404521866714059972066255652200107181684047812674333675794053","2649747800006903047073625320829560088088800522557851927539477888486006072675","2636278052351769676017824297717609512488651850924228608531372135635042762078","816232991472315395984098922575496846552245086608787214581606973359616326446","14372687274434205592004117128588852491871014819273428668840779210928924573820","735140172039027495032262112198107941365
0308506660552567079785209176949174210","10275293929161727274572318228903710245677747557851999483919909420098936352013","14869686444606195206734119702227763209172799407142930791211203702643805341518","937617196362766626935279232045712623531859540210120280128165029613358941709","21331527351771920568751070369057714014285398281585036009305608379072813379081","4305436470381074948146072259605215282335211631970525440530773004228212378618","5894273721571292784412707230481346442881109207745969297947253583203466014760","6512250441044591603946512492071171861967500633638753443182294740883123881284","20863871952569294813936866452848141274047362082838805921071316386912981651979","18788566662709810970880679984141390717017951403407913908833463086244783373013","7784927597396249543149135503684024377171301321636804832597181795981969626201","13818519831569592521516488188127966399245767953522268350556654747680372036664","10515208647860053151690062640705322684876580250632027862984821874343071549235","797604926079325807488629085866693514275115789253871397971708541758696512985","8741784289526985522570446847275649913333939699807282742190607491216732972386","20966712704043418981047968701828936463778140093909973286855779694780086635828","11359697297415630167449040380538108774924967116147664240213257348125754475868","8070907838094569287067982462230761680706116783989613960066342967469297961118","1868550288036217638713133945402464194193242298015503906068429633793800456561","198709459347510170000840600179608479136663571567208109852828485236018304733","1601154135701845545733926027872374554514541574822026314034696802419388627041","4363994778006302991481199477873248350039564117453810275561422974475581105893","773054378219982710451611471050404495804413666789496412742983455527754059148","5209426340109575519362014651321132459061755868557415513439993327176584352934","16124961412020675839394907565568143713078242978522632778625312854364651991011","2081249667007523130147169469236924598851908231714598929857
3032859079075730004","3312489967581906638742585802390894285073229440039144559060030129184388053832","2967475373447822846542676378804990140732835322255774209561143670843223463335","19744585401442299381952694102570931935735276268739851233412754166721728873141","20026293345566344685499234599699178313754630774489046573312844763673073616936","2611303659034102517884318354550433047021831422518437228002960700934925644951","6230291832603218406134986471162106408091661326026848531605999413028246206577","9126162046556730019959291776456914453189657463686708035601186672661595109020","18827736146609035067773173111376739253733288103277133456626928961785293662143","2328703958261360872869074208611873245571971231035163763965210852182760438390","13796410059666172174899788866809560044715551934510722965495280798363043241416","1593663256684781552813616365605526150610454082601584196604084376715746899324","1565874145189898288764434737762721576951043839540107044892767693968417810945","8709849304563896945461696717753976956465219721409993781555147204068634555572","2994256803561260177499267243802460581941891553208150783951937342406846377191","10452746656507347152042187616753027475507881362159944564077673851918869542550","20130580998875572619695450234900655050996104101008767761546912649074040426200","18926933358104691474037431437316089682088433006245222723356764715400831411716","3783551594057498940671877156409957274854990650480535806320220142873170375307","7919031943604095374667473717154511882451510130166237539514111182596247372692","14518552587329209714850286012780632801030157943402419401997576700600952906519","4770764028263701271241862755569969531641408032906982530346384375773459918490","10866502826034731763529371496585294375373238783964914673031891984092997621879","4234148117462322266937279401468367908013627589417699250592523530383852950379","10747942066055887965185603234524367638106812660210378090215017248140719240336","2587411532912868255102795810490361867789634574022411742057853375399270197531","17350061113113681344498080520518808976916692173267298878258722510332360424059","16490282364669098969805528215926442920328903121380947471680517193373377657129","9274691782659584680377375192682066090127280485689527337429804211265749864190","7630965482352419767782717986075793694403609453648729580916814032587325374653","9483872310024003776681196467845329825094379763716541754956796450187787638623","12182966986735661215639970080491757244218854808156498220088212871061979325833","1853790963611367149183440339188924598268644281518961106776656221408171642714","17425077915972423995335545370701802959607559878032910147159424242864219303096","14571075346526399549826264845894977639678567831720652860528738036970272895919","5627701855249158721927849603102149698163511782011562166637339712383551336091","3620805686755372260289125555061886982808014642356719556961142525373021656729","11556995641752009899073583627136467840237831247117281278719511600076965602980","18960242154096055221658318882298412299294886669455506299567210308762501113202"];
    
    let ark = str_to_field_matrix(vec_to_matrix(ark_string));

    let mds_string = vec!["16789463359527776692258765063233607350971630674230623383979223533600140787105","17179611066821656668705197789232102741366879862607190942874777813024566441829","18653277315487164762584377009009109585010878033606596417396490909822722930739","7373070639853668650581790286343199505413793790160702463077019294817051722180","4823864393442908763804841692709014014130031798360007432734996408628916373879","19196309854577132760746782449135315310664418272926255500908899397538686486585","18123132816088485879885148351452823314623055244145916622592591084094232513914","18436594886553181913092702411547018228276047601279727265790147051821171174455","15167500404313194506503404655898040457721633218143681920692711693000769735187","9437986152015460505719924283993842205604222075968464846270136901243896809793","21445376105821232747280055223032050399373725161014449207033808524504027971613","49684738714301073369749035791061182456037935161360748355432247732088942674","9826409059947591908303145327284336313371973037536805760095514429930589897515","8494798325496773219358794086647759478982958403252584257436898618394561204124","21251937175072447337747316555423152807036003235223125066270735279039060889959","5539100337780919206842837176908516952801756637410959104376645017856664270896","6297628909516159190915174165284309160976659474973668336571577778869958189934","12792263637464508665199868777503118105486490400267592501708855807938962470650","17254685306085558791725544672172906900581495686070720065168939143671412445514","3590396502942934679818900672232030233017710909687947858184099000783280809247","19055249881366445073616526879263250763682650596233071589085239500077496415637","7367697936402141224946246030743627391716576575953707640061577218995381577033","1322791522030759131093883057746095061798181102708855007233180025036972924046","20456741074925985565499300081580917471340328842103779922028754640077047587707","9059147312071680695674575245237100802111605600478121517359780850134328696420"];
    
    let mds = str_to_field_matrix(vec_to_matrix(mds_string));
    
    let poseidon_config = poseidon::PoseidonConfig::<Fr>::new(FULL_ROUNDS,PARTIAL_ROUNDS,ALPHA, mds, ark, RATE, WIDTH-RATE);
    let mut poseidon_sponge: poseidon::PoseidonSponge::<Fr> = CryptographicSponge::new(&poseidon_config);
    
    let v: Vec<Fr> = vec!["1","2","3","4", "5", "6", "7"].into_iter().map(|x| {FromStr::from_str(x).unwrap()}).collect();
    
    poseidon_sponge.absorb(&v); // This does not end in an absorption,
    let out = poseidon_sponge.squeeze_field_elements::<Fr>(1); // so absorb and squeeze out one element
    
    assert!(out[0] == Fr::from_str("3637726918731233354960448572465528704217843406233123660822069175839457651784").unwrap());
}

Note that the final projection in the sponge function is onto the second rather than the first component of the resulting permutation, which would explain why it does not agree with any of Circom's instances.

My reasoning for including the permutations as above was to allow for the user to be aware of and choose the conventions appropriate to their application. In retrospect, exposing only the permutation functions makes usage of the Poseidon hash function a bit clunky. Ideally we would have a poseidon::bn254::hash function that dispatches to the appropriate permutation and agrees with Circom's implementation, but that doesn't seem to be allowed with the current treatment of arrays. As a compromise, we could add a bunch of hash functions with a similar pattern to the perm functions and elaborate on the relation between all of these functions in the documentation. Thoughts?
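The convention mismatch described in the comment above, as an added example that is not part of the thread and is not Noir, circomlib or arkworks code. It wraps one toy permutation (constructed constants over a 31-bit prime, not Poseidon's real parameters) in a fixed-width hash that returns `state[0]` and in a sponge that returns `state[1]`; all function names are hypothetical.

```rust
// Toy parameters, constructed for illustration only: NOT real Poseidon constants.
const P: u64 = 2_147_483_647; // 2^31 - 1, stands in for the BN254 scalar field
const ROUNDS: u64 = 8;

fn pow5(x: u64) -> u64 {
    let x2 = x * x % P;
    x2 * x2 % P * x % P
}

/// Toy permutation: add a round constant, apply the x^5 S-box, then mix linearly.
fn permute(state: &mut [u64]) {
    for r in 0..ROUNDS {
        let s: Vec<u64> = state.iter().enumerate()
            .map(|(i, &x)| pow5((x + 31 * r + 7 * i as u64 + 1) % P))
            .collect();
        let sum = s.iter().fold(0u64, |acc, &v| (acc + v) % P);
        for (i, out) in state.iter_mut().enumerate() {
            *out = (sum + (i as u64 + 1) * s[i]) % P;
        }
    }
}

/// Full permuted state for the initial state [0, inputs...] (width = inputs + 1).
fn permuted_state(inputs: &[u64]) -> Vec<u64> {
    let mut state = vec![0u64];
    state.extend_from_slice(inputs);
    permute(&mut state);
    state
}

/// Fixed-width convention (as in circomlib's Poseidon(n)): digest is state[0].
fn fixed_width_hash(inputs: &[u64]) -> u64 {
    permuted_state(inputs)[0]
}

/// Sponge convention as described in the thread: capacity element at index 0,
/// `rate` elements absorbed per permutation, digest taken from state[1].
fn sponge_hash(inputs: &[u64], rate: usize) -> u64 {
    let mut state = vec![0u64; rate + 1];
    for chunk in inputs.chunks(rate) {
        for (i, &x) in chunk.iter().enumerate() {
            state[1 + i] = (state[1 + i] + x) % P;
        }
        permute(&mut state);
    }
    state[1]
}

fn main() {
    let x: [u64; 5] = [1, 2, 3, 4, 5];
    println!("fixed width : {}", fixed_width_hash(&x));
    println!("sponge r=5  : {}", sponge_hash(&x, 5)); // same state, other slot
    println!("sponge r=4  : {}", sponge_hash(&x, 4)); // other width, two permutations
}
```

With `rate` equal to the input length the two wrappers run the identical permutation and differ only in which slot they return, so a circuit and an off-chain verifier must agree on width, capacity position and output index, not just on the permutation constants.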

@joss-aztec
Contributor Author

Hi @ax0, thanks for your thorough response, it's extremely helpful!

Being a non-cryptographer, I'd certainly appreciate some obvious default to reach for. From an app dev and onboarding point of view I think it's reasonable for that default to match circom's - however I'd be unable to comment on whether the configuration and naming used by circom was appropriate.

Your suggestion sounds good. If we think circom's arrangement is acceptable, I imagine we'd have:

poseidon::bn254::hash_1
poseidon::bn254::hash_2
...
poseidon::bn254::hash_17

Otherwise I guess we'd need to name it something like:

poseidon::bn254::circom_compat_hash_1
poseidon::bn254::circom_compat_hash_2
...
poseidon::bn254::circom_compat_hash_17

But it seems odd to have a noir stdlib function named as such 😅

@github-project-automation github-project-automation bot moved this from 📋 Backlog to ✅ Done in Noir Apr 19, 2023