nim-poseidon2/poseidon2.nim

import constantine/math/arithmetic

import poseidon2/types
import poseidon2/roundfun
import poseidon2/io

export toBytes

#-------------------------------------------------------------------------------

# the Poseidon2 permutation (mutable, in-place version)
proc permInplace*(x, y, z : var F) =
  linearLayer(x, y, z)
  for j in 0..3:
    externalRound(j, x, y, z)
  for j in 0..55:
    internalRound(j, x, y, z)
  for j in 4..7:
    externalRound(j, x, y, z)

# the Poseidon2 permutation
func perm*(xyz: S) : S =
  var (x,y,z) = xyz
  permInplace(x, y, z)
  return (x,y,z)

#-------------------------------------------------------------------------------

# sponge with rate=1 (capacity=2)
func spongeWithRate1*(xs: openArray[F]) : F =
  var s0 : F = zero
  var s1 : F = zero
  var s2 : F = toF(0x0301) ; s2 += twoToThe64        # domain separation IV := (2^64 + 256*t + r)

  for x in xs:
    s0 += x
    permInplace(s0,s1,s2)

  # padding
  s0 += one
  permInplace(s0,s1,s2)
  return s0

# sponge with rate=2 (capacity=1)
func spongeWithRate2*(xs: openArray[F]) : F =
  let a = low(xs)
  let b = high(xs)
  let n = b-a+1
  let halfn  : int  = n div 2

  var s0 : F = zero
  var s1 : F = zero
  var s2 : F = toF(0x0302) ; s2 += twoToThe64        # domain separation IV := (2^64 + 256*t + r)

  for i in 0..<halfn:
    s0 += xs[a+2*i  ]
    s1 += xs[a+2*i+1]
    permInplace(s0,s1,s2)

  if (2*halfn == n):
    # padding even input
    s0 += one
    s1 += zero
  else:
    # padding odd input
    s0 += xs[b]
    s1 += one

  permInplace(s0,s1,s2)
  return s0

#-------------------------------------------------------------------------------

# 2-to-1 compression
func compress*(a, b : F) : F =
  var x = a
  var y = b
  var z : F ; setZero(z)
  permInplace(x, y, z)
  return x

func merkleRoot*(xs: openArray[F]) : F =
  let a = low(xs)
  let b = high(xs)
  let m = b-a+1

  if m==1:
    return xs[a]

  else:
    let halfn  : int  = m div 2
    let n      : int  = 2*halfn
    let isOdd : bool = (n != m)

    var ys : seq[F]
    if not isOdd:
      ys = newSeq[F](halfn)
    else:
      ys = newSeq[F](halfn+1)

    for i in 0..<halfn:
      ys[i] = compress( xs[a+2*i], xs[a+2*i+1] )
    if isOdd:
      ys[halfn] = compress( xs[n], zero )

    return merkleRoot(ys)

func merkleRoot*(bytes: openArray[byte]): F =
  merkleRoot(seq[F].fromBytes(bytes))

#-------------------------------------------------------------------------------
add sponge construction 2023-11-07 11:58:15 +01:00			`import constantine/math/arithmetic`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00
Fix imports 2023-10-24 13:57:47 +02:00			`import poseidon2/types`
add sponge construction 2023-11-07 11:58:15 +01:00			`import poseidon2/roundfun`
move unmarshal into its own module called 'io' Includes separate tests for unmarshalling that were previously tested as part of the merkleRoot calculation. Includes tests for unmarshalling little endian and big endian byte arrays. 2023-10-31 13:40:07 +01:00			`import poseidon2/io`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00
Export conversion of field elements to bytes on main API 2023-11-02 10:31:26 +01:00			`export toBytes`

quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`#-------------------------------------------------------------------------------`

add sponge construction 2023-11-07 11:58:15 +01:00			`# the Poseidon2 permutation (mutable, in-place version)`
			`proc permInplace*(x, y, z : var F) =`
Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`linearLayer(x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`for j in 0..3:`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`externalRound(j, x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`for j in 0..55:`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`internalRound(j, x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`for j in 4..7:`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`externalRound(j, x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00
add sponge construction 2023-11-07 11:58:15 +01:00			`# the Poseidon2 permutation`
Ensure that we don't have any side-effects Required for integration into libp2p, and a good idea in general :) 2023-11-01 10:34:55 +01:00			`func perm*(xyz: S) : S =`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`var (x,y,z) = xyz`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`permInplace(x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`return (x,y,z)`

			`#-------------------------------------------------------------------------------`

Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`# sponge with rate=1 (capacity=2)`
add sponge construction 2023-11-07 11:58:15 +01:00			`func spongeWithRate1*(xs: openArray[F]) : F =`
			`var s0 : F = zero`
			`var s1 : F = zero`
add domain separation for the sponge construction 2023-11-07 14:54:10 +01:00			`var s2 : F = toF(0x0301) ; s2 += twoToThe64 # domain separation IV := (2^64 + 256*t + r)`
add sponge construction 2023-11-07 11:58:15 +01:00
minor improvements 2023-11-07 14:21:37 +01:00			`for x in xs:`
			`s0 += x`
add sponge construction 2023-11-07 11:58:15 +01:00			`permInplace(s0,s1,s2)`

			`# padding`
Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`s0 += one`
add sponge construction 2023-11-07 11:58:15 +01:00			`permInplace(s0,s1,s2)`
			`return s0`

Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`# sponge with rate=2 (capacity=1)`
add sponge construction 2023-11-07 11:58:15 +01:00			`func spongeWithRate2*(xs: openArray[F]) : F =`
			`let a = low(xs)`
			`let b = high(xs)`
			`let n = b-a+1`
Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`let halfn : int = n div 2`
add sponge construction 2023-11-07 11:58:15 +01:00
			`var s0 : F = zero`
			`var s1 : F = zero`
add domain separation for the sponge construction 2023-11-07 14:54:10 +01:00			`var s2 : F = toF(0x0302) ; s2 += twoToThe64 # domain separation IV := (2^64 + 256*t + r)`
add sponge construction 2023-11-07 11:58:15 +01:00
			`for i in 0..<halfn:`
			`s0 += xs[a+2*i ]`
			`s1 += xs[a+2*i+1]`
			`permInplace(s0,s1,s2)`

			`if (2*halfn == n):`
			`# padding even input`
			`s0 += one`
			`s1 += zero`
			`else:`
			`# padding odd input`
			`s0 += xs[b]`
			`s1 += one`

Address review comments Co-Authored-By: Dmitriy Ryajov <dryajov@gmail.com> 2023-11-13 11:34:19 +01:00			`permInplace(s0,s1,s2)`
add sponge construction 2023-11-07 11:58:15 +01:00			`return s0`

			`#-------------------------------------------------------------------------------`

			`# 2-to-1 compression`
Ensure that we don't have any side-effects Required for integration into libp2p, and a good idea in general :) 2023-11-01 10:34:55 +01:00			`func compress*(a, b : F) : F =`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`var x = a`
			`var y = b`
			`var z : F ; setZero(z)`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`permInplace(x, y, z)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`return x`

Ensure that we don't have any side-effects Required for integration into libp2p, and a good idea in general :) 2023-11-01 10:34:55 +01:00			`func merkleRoot*(xs: openArray[F]) : F =`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`let a = low(xs)`
			`let b = high(xs)`
			`let m = b-a+1`

			`if m==1:`
			`return xs[a]`

			`else:`
			`let halfn : int = m div 2`
			`let n : int = 2*halfn`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`let isOdd : bool = (n != m)`
Remove trailing whitespace 2023-10-24 13:55:04 +02:00
Fix merkle root of odd number of elements 2023-11-09 10:20:10 +01:00			`var ys : seq[F]`
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`if not isOdd:`
Fix merkle root of odd number of elements 2023-11-09 10:20:10 +01:00			`ys = newSeq[F](halfn)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00			`else:`
Fix merkle root of odd number of elements 2023-11-09 10:20:10 +01:00			`ys = newSeq[F](halfn+1)`

			`for i in 0..<halfn:`
			`ys[i] = compress( xs[a+2i], xs[a+2i+1] )`
			`if isOdd:`
			`ys[halfn] = compress( xs[n], zero )`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00
Convert under_scores to camelCase 2023-10-24 14:16:54 +02:00			`return merkleRoot(ys)`
quick Nim implementation of Poseidon2 via constantine (BN254, t=3) 2023-07-28 22:10:14 +02:00
Ensure that we don't have any side-effects Required for integration into libp2p, and a good idea in general :) 2023-11-01 10:34:55 +01:00			`func merkleRoot*(bytes: openArray[byte]): F =`
Rename marshal -> toBytes, unmarshal -> fromBytes For two reasons: - to distinguish them from the marshalling functions from constantine - they do not follow the convention that something that is marshalled can be unmarshalled, because they take in 31 bytes but produce 32 bytes 2023-11-02 10:07:45 +01:00			`merkleRoot(seq[F].fromBytes(bytes))`
add sponge construction 2023-11-07 11:58:15 +01:00
			`#-------------------------------------------------------------------------------`