Line data Source code
1 : #include "./fd_poseidon.h"
2 : #include "fd_poseidon_params.c"
3 :
4 : /* Poseidon internals */
5 :
6 : static inline void
7 : fd_poseidon_apply_ark( fd_bn254_scalar_t state[],
8 : ulong const width,
9 : fd_poseidon_par_t const * params,
10 3062 : ulong round ) {
11 21952 : for( ulong i=0; i<width; i++ ) {
12 18890 : fd_bn254_scalar_add( &state[i], &state[i], ¶ms->ark[ round * width + i ] );
13 18890 : }
14 3062 : }
15 :
16 : static inline void
17 : fd_poseidon_apply_sbox_full( fd_bn254_scalar_t state[],
18 3061 : ulong const width ) {
19 : /* Compute s[i]^5 */
20 7946 : for( ulong i=0; i<width; i++ ) {
21 4885 : fd_bn254_scalar_t t[1];
22 4885 : fd_bn254_scalar_sqr( t, &state[i] ); /* t = s^2 */
23 4885 : fd_bn254_scalar_sqr( t, t ); /* t = s^4 */
24 4885 : fd_bn254_scalar_mul( &state[i], &state[i], t ); /* s = s^5 */
25 4885 : }
26 3061 : }
27 :
28 : static inline void
29 2707 : fd_poseidon_apply_sbox_partial( fd_bn254_scalar_t state[] ) {
30 : /* Compute s[0]^5 */
31 2707 : fd_poseidon_apply_sbox_full( state, 1 );
32 2707 : }
33 :
34 : static inline void
35 : fd_poseidon_apply_mds( fd_bn254_scalar_t state[],
36 : ulong const width,
37 3040 : fd_poseidon_par_t const * params ) {
38 3040 : fd_bn254_scalar_t x[FD_POSEIDON_MAX_WIDTH+1] = { 0 };
39 : /* Vector-matrix multiplication (state vector times mds matrix) */
40 20637 : for( ulong i=0; i<width; i++ ) {
41 144445 : for( ulong j=0; j<width; j++ ) {
42 126848 : fd_bn254_scalar_t t[1];
43 126848 : fd_bn254_scalar_mul( t, &state[j], ¶ms->mds[ i * width + j ] );
44 126848 : fd_bn254_scalar_add( &x[i], &x[i], t );
45 126848 : }
46 17597 : }
47 21964 : for( ulong i=0; i<width; i++ ) {
48 18924 : state[i] = x[i];
49 18924 : }
50 3040 : }
51 :
52 : static inline void
53 : fd_poseidon_get_params( fd_poseidon_par_t * params,
54 46 : ulong const width ) {
55 46 : #define FD_POSEIDON_GET_PARAMS(w) case (w): \
56 46 : params->ark = (fd_bn254_scalar_t *)fd_poseidon_ark_## w; \
57 46 : params->mds = (fd_bn254_scalar_t *)fd_poseidon_mds_## w; \
58 46 : break
59 :
60 46 : switch( width ) {
61 10 : FD_POSEIDON_GET_PARAMS(2);
62 6 : FD_POSEIDON_GET_PARAMS(3);
63 6 : FD_POSEIDON_GET_PARAMS(4);
64 2 : FD_POSEIDON_GET_PARAMS(5);
65 2 : FD_POSEIDON_GET_PARAMS(6);
66 1 : FD_POSEIDON_GET_PARAMS(7);
67 3 : FD_POSEIDON_GET_PARAMS(8);
68 7 : FD_POSEIDON_GET_PARAMS(9);
69 4 : FD_POSEIDON_GET_PARAMS(10);
70 1 : FD_POSEIDON_GET_PARAMS(11);
71 1 : FD_POSEIDON_GET_PARAMS(12);
72 46 : FD_POSEIDON_GET_PARAMS(13);
73 46 : }
74 46 : #undef FD_POSEIDON_GET_PARAMS
75 46 : }
76 :
77 : /* Poseidon interface */
78 :
79 : fd_poseidon_t *
80 : fd_poseidon_init( fd_poseidon_t * pos,
81 50 : int const big_endian ) {
82 50 : if( FD_UNLIKELY( pos==NULL ) ) {
83 0 : return NULL;
84 0 : }
85 50 : pos->big_endian = big_endian;
86 50 : pos->cnt = 0UL;
87 50 : fd_memset( pos->state, 0, sizeof(pos->state) );
88 50 : return pos;
89 50 : }
90 :
91 : fd_poseidon_t *
92 : fd_poseidon_append( fd_poseidon_t * pos,
93 : uchar const * data,
94 : ulong sz,
95 242 : int enforce_padding ) {
96 242 : if( FD_UNLIKELY( pos==NULL ) ) {
97 0 : return NULL;
98 0 : }
99 242 : if( FD_UNLIKELY( pos->cnt >= FD_POSEIDON_MAX_WIDTH ) ) {
100 0 : return NULL;
101 0 : }
102 242 : if( FD_UNLIKELY( enforce_padding && sz!=32UL ) ) {
103 0 : return NULL;
104 0 : }
105 : /* Empty input and non-field are errors. Short element is extended with 0s. */
106 242 : if( FD_UNLIKELY( sz==0 || sz>32UL ) ) {
107 2 : return NULL;
108 2 : }
109 :
110 : /* Handle endianness */
111 240 : fd_bn254_scalar_t cur[1] = { 0 };
112 240 : fd_memcpy( cur->buf + (32-sz)*(pos->big_endian?1:0), data, sz );
113 240 : if( pos->big_endian ) {
114 140 : fd_uint256_bswap( cur, cur );
115 140 : }
116 :
117 240 : if( FD_UNLIKELY( !fd_bn254_scalar_validate( cur ) ) ) {
118 2 : return NULL;
119 2 : }
120 238 : pos->cnt++;
121 238 : fd_bn254_scalar_to_mont( &pos->state[ pos->cnt ], cur );
122 :
123 238 : return pos;
124 240 : }
125 :
126 : uchar *
127 : fd_poseidon_fini( fd_poseidon_t * pos,
128 46 : uchar hash[ FD_POSEIDON_HASH_SZ ] ) {
129 46 : if( FD_UNLIKELY( pos==NULL ) ) {
130 0 : return NULL;
131 0 : }
132 46 : if( FD_UNLIKELY( !pos->cnt ) ) {
133 0 : return NULL;
134 0 : }
135 46 : const ulong width = pos->cnt+1;
136 46 : fd_poseidon_par_t params[1] = { 0 };
137 46 : fd_poseidon_get_params( params, width );
138 46 : if( FD_UNLIKELY( !params->ark || !params->mds ) ) {
139 0 : return NULL;
140 0 : }
141 :
142 46 : const ulong PARTIAL_ROUNDS[] = { 56, 57, 56, 60, 60, 63, 64, 63, 60, 66, 60, 65, 70, 60, 64, 68 };
143 46 : const ulong partial_rounds = PARTIAL_ROUNDS[ pos->cnt-1 ];
144 46 : const ulong full_rounds = 8;
145 46 : const ulong half_rounds = full_rounds / 2;
146 46 : const ulong all_rounds = full_rounds + partial_rounds;
147 :
148 46 : ulong round=0;
149 230 : for (; round<half_rounds; round++ ) {
150 184 : fd_poseidon_apply_ark ( pos->state, width, params, round );
151 184 : fd_poseidon_apply_sbox_full ( pos->state, width );
152 184 : fd_poseidon_apply_mds ( pos->state, width, params );
153 184 : }
154 :
155 2752 : for (; round<half_rounds+partial_rounds; round++ ) {
156 2706 : fd_poseidon_apply_ark ( pos->state, width, params, round );
157 2706 : fd_poseidon_apply_sbox_partial( pos->state );
158 2706 : fd_poseidon_apply_mds ( pos->state, width, params );
159 2706 : }
160 :
161 230 : for (; round<all_rounds; round++ ) {
162 184 : fd_poseidon_apply_ark ( pos->state, width, params, round );
163 184 : fd_poseidon_apply_sbox_full ( pos->state, width );
164 184 : fd_poseidon_apply_mds ( pos->state, width, params );
165 184 : }
166 :
167 : /* Directly convert scalar into return hash buffer - hash MUST be FD_UINT256_ALIGNED */
168 46 : fd_bn254_scalar_t scalar_hash[1];
169 46 : fd_bn254_scalar_from_mont( scalar_hash, &pos->state[0] );
170 46 : if( pos->big_endian ) {
171 29 : fd_uint256_bswap( scalar_hash, scalar_hash );
172 29 : }
173 46 : fd_memcpy( hash, scalar_hash, 32 );
174 46 : return hash;
175 46 : }
|
