diff --git a/Cargo.toml b/Cargo.toml
index 37e55c2..7e55c68 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,7 +30,7 @@ uninlined_format_args = "allow"
 upper_case_acronyms = "allow"
 [dependencies]
-rand = "0.9"
+rand = "0.10"
 sha3 = "0.10.8"
 num-bigint = "0.4.6"
 rayon = "1.10.0"
@@ -41,10 +41,10 @@ thiserror = "2.0"
 ssz = { package = "ethereum_ssz", version = "0.10.0" }
-p3-field = { git = "https://github.com/Plonky3/Plonky3.git", rev = "d421e32" }
-p3-baby-bear = { git = "https://github.com/Plonky3/Plonky3.git", rev = "d421e32" }
-p3-koala-bear = { git = "https://github.com/Plonky3/Plonky3.git", rev = "d421e32" }
-p3-symmetric = { git = "https://github.com/Plonky3/Plonky3.git", rev = "d421e32" }
+p3-field = { git = "https://github.com/Plonky3/Plonky3.git", rev = "b4dcde46" }
+p3-baby-bear = { git = "https://github.com/Plonky3/Plonky3.git", rev = "b4dcde46" }
+p3-koala-bear = { git = "https://github.com/Plonky3/Plonky3.git", rev = "b4dcde46" }
+p3-symmetric = { git = "https://github.com/Plonky3/Plonky3.git", rev = "b4dcde46" }
 [dev-dependencies]
 criterion = "0.7"
diff --git a/README.md b/README.md
index 32b0131..309cc13 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ See also function `test_signature_scheme_correctness` in [this file](https://git
 ## Schemes
 The code implements a generic framework from [this paper](https://eprint.iacr.org/2025/055.pdf), which builds XMSS-like hash-based signatures from a primitive called incomparable encodings.
-Hardcoded instantiations of this generic framework (using Poseidon2) are defined in `leansig::signature::generalized_xmss`.
+Hardcoded instantiations of this generic framework (using Poseidon1) are defined in `leansig::signature::generalized_xmss`.
 The parameters have been chosen based on the analysis in the paper using Python scripts. Details are as follows:
 | Submodule | Paper / Documentation | Parameters Set With |
diff --git a/benches/benchmark_poseidon.rs b/benches/benchmark_poseidon.rs
index e9186fd..da21476 100644
--- a/benches/benchmark_poseidon.rs
+++ b/benches/benchmark_poseidon.rs
@@ -1,7 +1,7 @@
 use std::hint::black_box;
 use criterion::{Criterion, SamplingMode};
-use rand::Rng;
+use rand::RngExt;
 use leansig::{
     MESSAGE_LENGTH,
diff --git a/benches/benchmark_poseidon_top_level.rs b/benches/benchmark_poseidon_top_level.rs
index 14c9b7f..5266670 100644
--- a/benches/benchmark_poseidon_top_level.rs
+++ b/benches/benchmark_poseidon_top_level.rs
@@ -1,7 +1,7 @@
 use std::{cmp::min, hint::black_box};
 use criterion::{Criterion, SamplingMode};
-use rand::Rng;
+use rand::RngExt;
 use leansig::{
     MESSAGE_LENGTH,
diff --git a/src/array.rs b/src/array.rs
index a21f965..cd0f898 100644
--- a/src/array.rs
+++ b/src/array.rs
@@ -153,6 +153,7 @@ impl<'de, const N: usize> Deserialize<'de> for FieldArray {
 mod tests {
     use super::*;
     use proptest::prelude::*;
+    use rand::RngExt;
     /// Small parameter arrays
     const SMALL_SIZE: usize = 5;
diff --git a/src/bin/main.rs b/src/bin/main.rs
index 466a7b6..e984ff6 100644
--- a/src/bin/main.rs
+++ b/src/bin/main.rs
@@ -8,11 +8,11 @@ use leansig::signature::generalized_xmss::instantiations_poseidon::lifetime_2_to
 use leansig::signature::generalized_xmss::instantiations_poseidon::lifetime_2_to_the_20::target_sum::SIGTargetSumLifetime20W8NoOff;
 use leansig::signature::SignatureScheme;
 use rand::rngs::ThreadRng;
-use rand::Rng;
+use rand::RngExt;
 use std::time::Instant;
 // Function to measure execution time
-fn measure_time(description: &str, rng: &mut R) {
+fn measure_time(description: &str, rng: &mut R) {
     // key gen
     let start = Instant::now();
diff --git a/src/inc_encoding.rs b/src/inc_encoding.rs
index a9185ef..f5803e2 100644
--- a/src/inc_encoding.rs
+++ b/src/inc_encoding.rs
@@ -1,4 +1,4 @@
-use rand::Rng;
+use rand::RngExt;
 use std::fmt::Debug;
 use crate::MESSAGE_LENGTH;
@@ -33,7 +33,7 @@ pub trait IncomparableEncoding {
     const BASE: usize;
     /// Samples a randomness to be used for the encoding.
-    fn rand(rng: &mut R) -> Self::Randomness;
+    fn rand(rng: &mut R) -> Self::Randomness;
     /// Apply the incomparable encoding to a message.
     /// It could happen that this fails. Otherwise,
diff --git a/src/inc_encoding/target_sum.rs b/src/inc_encoding/target_sum.rs
index dea44c2..7360719 100644
--- a/src/inc_encoding/target_sum.rs
+++ b/src/inc_encoding/target_sum.rs
@@ -51,7 +51,7 @@ impl IncomparableEncoding
     const BASE: usize = MH::BASE;
-    fn rand(rng: &mut R) -> Self::Randomness {
+    fn rand(rng: &mut R) -> Self::Randomness {
         MH::rand(rng)
     }
@@ -97,6 +97,7 @@ mod tests {
     use crate::symmetric::message_hash::poseidon::PoseidonMessageHash445;
     use p3_field::PrimeField32;
     use proptest::prelude::*;
+    use rand::RngExt;
     const TEST_TARGET_SUM: usize = 115;
     type TestTargetSumEncoding = TargetSumEncoding;
diff --git a/src/lib.rs b/src/lib.rs
index 6253164..cf9ed10 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,6 +1,6 @@
 use p3_field::Field;
 use p3_koala_bear::{
-    KoalaBear, Poseidon2KoalaBear, default_koalabear_poseidon2_16, default_koalabear_poseidon2_24,
+    KoalaBear, Poseidon1KoalaBear, default_koalabear_poseidon1_16, default_koalabear_poseidon1_24,
 };
 use std::sync::OnceLock;
@@ -22,27 +22,27 @@ pub mod signature;
 pub(crate) mod simd_utils;
 pub mod symmetric;
-// Cached Poseidon2 permutations.
+// Cached Poseidon1 permutations.
 //
-// We cache the default Plonky3 Poseidon2 instances once and return a clone.
+// We cache the default Plonky3 Poseidon1 instances once and return a clone.
 // Returning by value preserves existing call sites that take `&perm`.
-/// A lazily-initialized, thread-safe cache for the Poseidon2 permutation with a width of 24.
-static POSEIDON2_24: OnceLock> = OnceLock::new();
+/// A lazily-initialized, thread-safe cache for the Poseidon1 permutation with a width of 24.
+static POSEIDON1_24: OnceLock> = OnceLock::new();
-/// A lazily-initialized, thread-safe cache for the Poseidon2 permutation with a width of 16.
-static POSEIDON2_16: OnceLock> = OnceLock::new();
+/// A lazily-initialized, thread-safe cache for the Poseidon1 permutation with a width of 16.
+static POSEIDON1_16: OnceLock> = OnceLock::new();
-/// Poseidon2 permutation (width 24)
-pub(crate) fn poseidon2_24() -> Poseidon2KoalaBear<24> {
-    POSEIDON2_24
-        .get_or_init(default_koalabear_poseidon2_24)
+/// Poseidon1 permutation (width 24)
+pub(crate) fn poseidon1_24() -> Poseidon1KoalaBear<24> {
+    POSEIDON1_24
+        .get_or_init(default_koalabear_poseidon1_24)
         .clone()
 }
-/// Poseidon2 permutation (width 16)
-pub(crate) fn poseidon2_16() -> Poseidon2KoalaBear<16> {
-    POSEIDON2_16
-        .get_or_init(default_koalabear_poseidon2_16)
+/// Poseidon1 permutation (width 16)
+pub(crate) fn poseidon1_16() -> Poseidon1KoalaBear<16> {
+    POSEIDON1_16
+        .get_or_init(default_koalabear_poseidon1_16)
         .clone()
 }
diff --git a/src/signature.rs b/src/signature.rs
index 0bcfcb0..e51ec45 100644
--- a/src/signature.rs
+++ b/src/signature.rs
@@ -2,7 +2,7 @@ use std::ops::Range;
 use crate::MESSAGE_LENGTH;
 use crate::serialization::Serializable;
-use rand::Rng;
+use rand::RngExt;
 use thiserror::Error;
 /// Error enum for the signing process.
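Review bot: Renaming `poseidon2_24`/`poseidon2_16` to `poseidon1_24`/`poseidon1_16` and caching `Poseidon1KoalaBear` instead of `Poseidon2KoalaBear` changes the permutation behind every message hash, tweakable hash and Merkle node in the scheme, yet nothing in the hunk states whether Plonky3 at rev b4dcde46 merely renamed the Poseidon2 type or whether a different permutation is now instantiated. If it is a different permutation, every existing key, signature and stored test vector becomes incompatible and the parameter analysis the README attributes to the Poseidon2 instantiation has to be re-examined; I cannot tell which case applies from this page. Please record the answer on the cache comment, for example `// Poseidon1KoalaBear is Plonky3's <TODO confirm: renamed Poseidon2 / distinct permutation> at rev b4dcde46; outputs are <TODO confirm: unchanged / changed> relative to the Poseidon2-based release.` A known-answer test that pins the output of `poseidon1_24()` and `poseidon1_16()` on a fixed input would make any future change of the underlying permutation fail loudly instead of silently producing a different signature scheme.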
@@ -146,7 +146,7 @@ pub trait SignatureScheme {
     ///
     /// ### Returns
     /// A tuple containing the new `(PublicKey, SecretKey)`.
-    fn key_gen(
+    fn key_gen(
         rng: &mut R,
         activation_epoch: usize,
         num_active_epochs: usize,
@@ -209,6 +209,7 @@ pub mod generalized_xmss;
 #[cfg(test)]
 mod test_templates {
+    use rand::RngExt;
     use serde::{Serialize, de::DeserializeOwned};
     use super::*;
diff --git a/src/signature/generalized_xmss.rs b/src/signature/generalized_xmss.rs
index 3aa19ee..3d6c795 100644
--- a/src/signature/generalized_xmss.rs
+++ b/src/signature/generalized_xmss.rs
@@ -1,6 +1,6 @@
 use std::marker::PhantomData;
-use rand::Rng;
+use rand::RngExt;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
@@ -653,7 +653,7 @@ where
     const LIFETIME: u64 = 1 << LOG_LIFETIME;
-    fn key_gen(
+    fn key_gen(
         rng: &mut R,
         activation_epoch: usize,
         num_active_epochs: usize,
@@ -1004,10 +1004,10 @@ impl;
diff --git a/src/signature/generalized_xmss/instantiations_poseidon_top_level.rs b/src/signature/generalized_xmss/instantiations_poseidon_top_level.rs
index 427eb19..55e420e 100644
--- a/src/signature/generalized_xmss/instantiations_poseidon_top_level.rs
+++ b/src/signature/generalized_xmss/instantiations_poseidon_top_level.rs
@@ -46,19 +46,16 @@ pub mod lifetime_2_to_the_18 {
     pub type SIGTopLevelTargetSumLifetime18Dim64Base8 = GeneralizedXMSSSignatureScheme;
-    #[cfg(test)]
+    #[cfg(all(test, feature = "slow-tests"))]
     mod test {
         use crate::signature::{
             SignatureScheme,
             generalized_xmss::instantiations_poseidon_top_level::lifetime_2_to_the_18::SIGTopLevelTargetSumLifetime18Dim64Base8,
+            test_templates::test_signature_scheme_correctness,
         };
-        #[cfg(feature = "slow-tests")]
-        use crate::signature::test_templates::test_signature_scheme_correctness;
- #[test]
-        #[cfg(feature = "slow-tests")]
         pub fn test_correctness() {
             test_signature_scheme_correctness::(
                 213,
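Review bot: In the `lifetime_2_to_the_18` test module this rendering shows `#[test]` among the removed lines, while the matching hunks for `lifetime_2_to_the_32` and `lifetime_2_to_the_8` keep it as context; if the attribute really was dropped, `test_correctness` there becomes a plain function the harness never runs and the correctness check for that parameter set silently disappears, so please confirm the new side still reads `#[test]` followed by `pub fn test_correctness() {`. Separately, gating the whole `mod test` on `all(test, feature = "slow-tests")` (here and in the three `lifetime_2_to_the_32` modules and the `lifetime_2_to_the_8` module) means a default `cargo test` no longer type-checks these modules at all, so a broken import or a renamed instantiation is only caught when CI enables `slow-tests`; a cheap safeguard is a `cargo test --features slow-tests --no-run` step in the regular CI job. The body of `test_correctness` continues past the end of the hunk.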
@@ -130,17 +127,15 @@ pub mod lifetime_2_to_the_32 {
     pub type PubKeyTopLevelTargetSumLifetime32Dim64Base8 = GeneralizedXMSSPublicKey;
     pub type SigTopLevelTargetSumLifetime32Dim64Base8 = GeneralizedXMSSSignature;
-    #[cfg(test)]
+    #[cfg(all(test, feature = "slow-tests"))]
     mod test {
         use super::*;
-        use crate::signature::SignatureScheme;
-
-        #[cfg(feature = "slow-tests")]
-        use crate::signature::test_templates::test_signature_scheme_correctness;
+        use crate::signature::{
+            SignatureScheme, test_templates::test_signature_scheme_correctness,
+        };
         #[test]
-        #[cfg(feature = "slow-tests")]
         pub fn test_correctness() {
             test_signature_scheme_correctness::(
                 213,
@@ -206,17 +201,15 @@ pub mod lifetime_2_to_the_32 {
     pub type SIGTopLevelTargetSumLifetime32Dim48Base10 = GeneralizedXMSSSignatureScheme;
-    #[cfg(test)]
+    #[cfg(all(test, feature = "slow-tests"))]
     mod test {
         use super::*;
-        use crate::signature::SignatureScheme;
-
-        #[cfg(feature = "slow-tests")]
-        use crate::signature::test_templates::test_signature_scheme_correctness;
+        use crate::signature::{
+            SignatureScheme, test_templates::test_signature_scheme_correctness,
+        };
         #[test]
-        #[cfg(feature = "slow-tests")]
         pub fn test_correctness() {
             test_signature_scheme_correctness::(
                 213,
@@ -281,17 +274,15 @@ pub mod lifetime_2_to_the_32 {
     pub type SIGTopLevelTargetSumLifetime32Dim32Base26 = GeneralizedXMSSSignatureScheme;
-    #[cfg(test)]
+    #[cfg(all(test, feature = "slow-tests"))]
     mod test {
         use super::*;
-        use crate::signature::SignatureScheme;
-
-        #[cfg(feature = "slow-tests")]
-        use crate::signature::test_templates::test_signature_scheme_correctness;
+        use crate::signature::{
+            SignatureScheme, test_templates::test_signature_scheme_correctness,
+        };
         #[test]
-        #[cfg(feature = "slow-tests")]
         pub fn test_correctness() {
             test_signature_scheme_correctness::(
                 213,
@@ -361,17 +352,15 @@ pub mod lifetime_2_to_the_8 {
     pub type SIGTopLevelTargetSumLifetime8Dim64Base8 = GeneralizedXMSSSignatureScheme;
-    #[cfg(test)]
+    #[cfg(all(test, feature = "slow-tests"))]
     mod test {
-        use crate::signature::SignatureScheme;
-
-        #[cfg(feature = "slow-tests")]
-        use crate::signature::test_templates::test_signature_scheme_correctness;
+        use crate::signature::{
+            SignatureScheme, test_templates::test_signature_scheme_correctness,
+        };
         use super::SIGTopLevelTargetSumLifetime8Dim64Base8;
-        #[cfg(feature = "slow-tests")]
         #[test]
         pub fn test_correctness() {
             test_signature_scheme_correctness::(
diff --git a/src/simd_utils.rs b/src/simd_utils.rs
index 57a1f42..7cd0c57 100644
--- a/src/simd_utils.rs
+++ b/src/simd_utils.rs
@@ -90,7 +90,7 @@ mod tests {
     use super::*;
     use p3_field::PrimeCharacteristicRing;
     use proptest::prelude::*;
-    use rand::Rng;
+    use rand::RngExt;
     #[test]
     fn test_pack_array_simple() {
diff --git a/src/symmetric/message_hash.rs b/src/symmetric/message_hash.rs
index 3febb09..95fc4e5 100644
--- a/src/symmetric/message_hash.rs
+++ b/src/symmetric/message_hash.rs
@@ -1,6 +1,6 @@
 use std::fmt::Debug;
-use rand::Rng;
+use rand::RngExt;
 use crate::MESSAGE_LENGTH;
 use crate::serialization::Serializable;
@@ -25,7 +25,7 @@ pub trait MessageHash {
     const BASE: usize;
     /// Generates a random domain element.
-    fn rand(rng: &mut R) -> Self::Randomness;
+    fn rand(rng: &mut R) -> Self::Randomness;
     /// Applies the message hash to a parameter, an epoch,
     /// a randomness, and a message. It outputs a list of chunks.
diff --git a/src/symmetric/message_hash/aborting.rs b/src/symmetric/message_hash/aborting.rs
index db57f97..cce1471 100644
--- a/src/symmetric/message_hash/aborting.rs
+++ b/src/symmetric/message_hash/aborting.rs
@@ -64,7 +64,7 @@ where
     const DIMENSION: usize = DIMENSION; // v
     const BASE: usize = BASE; // w
-    fn rand(rng: &mut R) -> Self::Randomness {
+    fn rand(rng: &mut R) -> Self::Randomness {
         FieldArray(rng.random())
     }
@@ -166,7 +166,7 @@ mod tests {
     use super::*;
     use p3_field::PrimeField32;
     use proptest::prelude::*;
-    use rand::{SeedableRng, rngs::StdRng};
+    use rand::{RngExt, SeedableRng, rngs::StdRng};
     #[test]
     fn test_apply() {
diff --git a/src/symmetric/message_hash/poseidon.rs b/src/symmetric/message_hash/poseidon.rs
index 7d492e3..5605cbf 100644
--- a/src/symmetric/message_hash/poseidon.rs
+++ b/src/symmetric/message_hash/poseidon.rs
@@ -11,7 +11,7 @@ use crate::F;
 use crate::MESSAGE_LENGTH;
 use crate::TWEAK_SEPARATOR_FOR_MESSAGE_HASH;
 use crate::array::FieldArray;
-use crate::poseidon2_24;
+use crate::poseidon1_24;
 use crate::symmetric::tweak_hash::poseidon::poseidon_compress;
 /// Function to encode a message as an array of field elements
@@ -92,7 +92,7 @@ fn decode_to_chunks, message: &[u8; MESSAGE_LENGTH], ) -> [F; HASH_LEN_FE] {
-    // Get the default, pre-configured Poseidon2 instance from Plonky3.
-    let perm = poseidon2_24();
+    // Get the default, pre-configured Poseidon1 instance from Plonky3.
+    let perm = poseidon1_24();
     // first, encode the message and the epoch as field elements
     let message_fe = encode_message::(message);
@@ -125,7 +125,7 @@ pub(crate) fn poseidon_message_hash_fe<
     poseidon_compress::(&perm, &combined_input_vec)
 }
-/// A message hash implemented using Poseidon2
+/// A message hash implemented using Poseidon1
 ///
 /// Note: PARAMETER_LEN, RAND_LEN, TWEAK_LEN_FE, MSG_LEN_FE, and HASH_LEN_FE
 /// must be given in the unit "number of field elements".
@@ -176,7 +176,7 @@ where
     const BASE: usize = BASE;
-    fn rand(rng: &mut R) -> Self::Randomness {
+    fn rand(rng: &mut R) -> Self::Randomness {
         FieldArray(rng.random())
     }
@@ -255,7 +255,7 @@ mod tests {
     use num_traits::Zero;
     use p3_field::PrimeField32;
     use proptest::prelude::*;
-    use rand::Rng;
+    use rand::RngExt;
     use std::collections::HashMap;
     #[test]
diff --git a/src/symmetric/message_hash/top_level_poseidon.rs b/src/symmetric/message_hash/top_level_poseidon.rs
index b4803a1..2a7fcab 100644
--- a/src/symmetric/message_hash/top_level_poseidon.rs
+++ b/src/symmetric/message_hash/top_level_poseidon.rs
@@ -15,7 +15,7 @@ use crate::array::FieldArray;
 use crate::hypercube::hypercube_find_layer;
 use crate::hypercube::hypercube_part_size;
 use crate::hypercube::map_to_vertex;
-use crate::poseidon2_24;
+use crate::poseidon1_24;
 use crate::symmetric::tweak_hash::poseidon::poseidon_compress;
 /// Function to make a list of field elements to a vertex in layers 0, ..., FINAL_LAYER
@@ -49,7 +49,7 @@ fn map_into_hypercube_part<
     map_to_vertex(BASE, DIMENSION, layer, offset)
 }
-/// A message hash implemented using Poseidon2 that maps messages into the top layers
+/// A message hash implemented using Poseidon1 that maps messages into the top layers
 /// of a hypercube structure.
 ///
 /// Specifically, consider the hypercube {0, ..., BASE-1}^DIMENSION, partitioned into layers as follows:
@@ -67,9 +67,9 @@ fn map_into_hypercube_part<
 /// are specified in **number of field elements**.
 ///
 /// - `POS_OUTPUT_LEN_PER_INV_FE` specifies how many field elements we obtain
-/// from each Poseidon2 invocation.
+/// from each Poseidon1 invocation.
 ///
-/// - `POS_INVOCATIONS` is the number of Poseidon2 invocations performed.
+/// - `POS_INVOCATIONS` is the number of Poseidon1 invocations performed.
 ///
 /// We then take the resulting `POS_INVOCATIONS * POS_OUTPUT_LEN_PER_INV_FE`
 /// field elements and decode them into an element of the top layers.
@@ -132,7 +132,7 @@ where
     const BASE: usize = BASE;
-    fn rand(rng: &mut R) -> Self::Randomness {
+    fn rand(rng: &mut R) -> Self::Randomness {
         FieldArray(rng.random())
     }
@@ -143,7 +143,7 @@ where
         message: &[u8; MESSAGE_LENGTH],
     ) -> Result, Infallible> {
         const {
-            /// The width of the Poseidon2 permutation used.
+            /// The width of the Poseidon1 permutation used.
             const POSEIDON_WIDTH: usize = 24;
             // Check that the combined input fits within the Poseidon width.
@@ -204,7 +204,7 @@ where
         );
     }
-    let perm = poseidon2_24();
+    let perm = poseidon1_24();
     // first, encode the message and the epoch as field elements
     let message_fe = encode_message::(message);
@@ -248,7 +248,7 @@ where
 mod tests {
     use super::*;
     use proptest::prelude::*;
-    use rand::Rng;
+    use rand::RngExt;
     use crate::symmetric::message_hash::{
         MessageHash, top_level_poseidon::TopLevelPoseidonMessageHash,
diff --git a/src/symmetric/prf.rs b/src/symmetric/prf.rs
index ac2e810..edc7c9f 100644
--- a/src/symmetric/prf.rs
+++ b/src/symmetric/prf.rs
@@ -1,4 +1,4 @@
-use rand::Rng;
+use rand::RngExt;
 use crate::serialization::Serializable;
@@ -11,7 +11,7 @@ pub trait Pseudorandom {
     type Randomness;
     /// Sample a random key for the PRF
-    fn key_gen(rng: &mut R) -> Self::Key;
+    fn key_gen(rng: &mut R) -> Self::Key;
     /// Apply the PRF to an epoch and an index to get a pseudorandom domain element.
     /// This can be used to create the chain starts pseudorandomly.
diff --git a/src/symmetric/prf/shake_to_field.rs b/src/symmetric/prf/shake_to_field.rs
index bf11b32..28c794f 100644
--- a/src/symmetric/prf/shake_to_field.rs
+++ b/src/symmetric/prf/shake_to_field.rs
@@ -32,7 +32,7 @@ where
     type Domain = [F; DOMAIN_LENGTH_FE];
     type Randomness = [F; RAND_LENGTH_FE];
-    fn key_gen(rng: &mut R) -> Self::Key {
+    fn key_gen(rng: &mut R) -> Self::Key {
         rng.random()
     }
diff --git a/src/symmetric/tweak_hash.rs b/src/symmetric/tweak_hash.rs
index caea13e..952b1f7 100644
--- a/src/symmetric/tweak_hash.rs
+++ b/src/symmetric/tweak_hash.rs
@@ -1,4 +1,4 @@
-use rand::Rng;
+use rand::RngExt;
 use rayon::prelude::*;
@@ -28,10 +28,10 @@ pub trait TweakableHash {
     type Domain: Copy + PartialEq + Send + Sync + Serializable;
     /// Generates a random public parameter.
-    fn rand_parameter(rng: &mut R) -> Self::Parameter;
+    fn rand_parameter(rng: &mut R) -> Self::Parameter;
     /// Generates a random domain element.
-    fn rand_domain(rng: &mut R) -> Self::Domain;
+    fn rand_domain(rng: &mut R) -> Self::Domain;
     /// Returns a tweak to be used in the Merkle tree.
     /// Note: this is assumed to be distinct from the outputs of chain_tweak
diff --git a/src/symmetric/tweak_hash/poseidon.rs b/src/symmetric/tweak_hash/poseidon.rs
index 4b24935..286d09e 100644
--- a/src/symmetric/tweak_hash/poseidon.rs
+++ b/src/symmetric/tweak_hash/poseidon.rs
@@ -7,8 +7,8 @@ use rayon::prelude::*;
 use crate::TWEAK_SEPARATOR_FOR_CHAIN_HASH;
 use crate::TWEAK_SEPARATOR_FOR_TREE_HASH;
 use crate::array::FieldArray;
-use crate::poseidon2_16;
-use crate::poseidon2_24;
+use crate::poseidon1_16;
+use crate::poseidon1_24;
 use crate::simd_utils::{pack_array, pack_even_into, pack_fn_into, pack_odd_into};
 use crate::symmetric::prf::Pseudorandom;
 use crate::symmetric::tweak_hash::chain;
@@ -16,7 +16,7 @@ use crate::{F, PackedF};
 use super::TweakableHash;
-use p3_koala_bear::Poseidon2KoalaBear;
+use p3_koala_bear::Poseidon1KoalaBear;
 use std::cell::RefCell;
 const DOMAIN_PARAMETERS_LENGTH: usize = 4;
@@ -135,11 +135,11 @@ where
 }
 /// Computes a Poseidon-based domain separator by compressing an array of `u32`
-/// values using the Poseidon2 KoalaBear permutation with width 24.
+/// values using the Poseidon1 KoalaBear permutation with width 24.
 ///
 /// Returns scalar field elements. For SIMD use, broadcast to `PackedF` at the call site.
 fn poseidon_safe_domain_separator(
-    perm: &Poseidon2KoalaBear,
+    perm: &Poseidon1KoalaBear,
     params: &[u32; DOMAIN_PARAMETERS_LENGTH],
 ) -> [F; OUT_LEN] {
     // Combine params into a single number in base 2^32
@@ -245,7 +245,7 @@ where
     out
 }
-/// A tweakable hash function implemented using Poseidon2
+/// A tweakable hash function implemented using Poseidon1
 ///
 /// Note: HASH_LEN, TWEAK_LEN, CAPACITY, and PARAMETER_LEN must
 /// be given in the unit "number of field elements".
@@ -272,11 +272,11 @@ impl<
     type Domain = FieldArray;
-    fn rand_parameter(rng: &mut R) -> Self::Parameter {
+    fn rand_parameter(rng: &mut R) -> Self::Parameter {
         FieldArray(rng.random())
     }
-    fn rand_domain(rng: &mut R) -> Self::Domain {
+    fn rand_domain(rng: &mut R) -> Self::Domain {
         FieldArray(rng.random())
     }
@@ -344,7 +344,7 @@ impl<
         match message {
             [single] => {
                 // we compress parameter, tweak, message
-                let perm = poseidon2_16();
+                let perm = poseidon1_16();
                 // Build input on stack: [parameter | tweak | message]
                 let mut combined_input = [F::ZERO; CHAIN_COMPRESSION_WIDTH];
@@ -363,7 +363,7 @@ impl<
             [left, right] => {
                 // we compress parameter, tweak, message (now containing two parts)
-                let perm = poseidon2_24();
+                let perm = poseidon1_24();
                 // Build input on stack: [parameter | tweak | left | right]
                 let mut combined_input = [F::ZERO; MERGE_COMPRESSION_WIDTH];
@@ -385,7 +385,7 @@ impl<
             _ if message.len() > 2 => {
                 // Hashing many blocks
-                let perm = poseidon2_24();
+                let perm = poseidon1_24();
                 let combined_input: Vec = parameter
                     .iter()
                     .chain(tweak_fe.iter())
@@ -431,7 +431,7 @@ impl<
                     array::from_fn(|i| PackedF::from(parameter.0[i]));
                 // Permutation for merging two inputs (width-24)
-                let perm = poseidon2_24();
+                let perm = poseidon1_24();
                 // Offsets for assembling packed_input: [parameter | tweak | left | right]
                 let tweak_offset = PARAMETER_LEN;
@@ -532,8 +532,8 @@ impl<
         // Create Poseidon permutation instances.
         // - Width-16 for chain compression,
         // - Width-24 for sponge hashing.
-        let chain_perm = poseidon2_16();
-        let sponge_perm = poseidon2_24();
+        let chain_perm = poseidon1_16();
+        let sponge_perm = poseidon1_24();
         // Compute domain separator for the sponge construction.
         // This ensures different use cases produce different outputs.
@@ -740,7 +740,7 @@ mod tests {
     use std::collections::HashMap;
     use num_bigint::BigUint;
-    use rand::Rng;
+    use rand::RngExt;
     use super::*;
     use crate::symmetric::prf::shake_to_field::ShakePRFtoF;
diff --git a/src/symmetric/tweak_hash_tree.rs b/src/symmetric/tweak_hash_tree.rs
index d0b0bae..1dd089d 100644
--- a/src/symmetric/tweak_hash_tree.rs
+++ b/src/symmetric/tweak_hash_tree.rs
@@ -1,7 +1,7 @@
 use crate::serialization::Serializable;
 use crate::symmetric::tweak_hash::TweakableHash;
 use rand::rngs::StdRng;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use serde::{Deserialize, Serialize};
 use ssz::{Decode, DecodeError, Encode};
@@ -103,7 +103,7 @@ impl HashTreeLayer {
     /// - With this alignment every parent is formed from exactly two children,
     /// so upper layers can be built with exact size-2 chunks, with no edge cases.
     #[inline]
-    fn padded(rng: &mut R, nodes: Vec, start_index: usize) -> Self {
+    fn padded(rng: &mut R, nodes: Vec, start_index: usize) -> Self {
         // End index of the provided contiguous run (inclusive).
         let end_index = start_index + nodes.len() - 1;
@@ -349,7 +349,7 @@ where
     /// Note: The RNG is used for generating nodes used for padding in the case of
     /// sparse trees. They could as well be fixed, and hence the RNG does not need
     /// to be cryptographically secure for this function.
-    pub fn new_subtree(
+    pub fn new_subtree(
         rng: &mut R,
         lowest_layer: usize,
         depth: usize,
@@ -411,7 +411,7 @@ where
     /// It takes as input the roots of all 2^{depth/2} bottom trees. Note that these are
     /// exactly the nodes in layer depth / 2. The `start_index` indicates which bottom tree
     /// is the first that is given. It be in [0, 2^{depth/2}).
-    pub fn new_top_tree(
+    pub fn new_top_tree(
         rng: &mut R,
         depth: usize,
         start_index: usize,