From 79c74f8bbd88483ffac550b2aad8a5b218112a8c Mon Sep 17 00:00:00 2001
From: Balazs Komuves <bkomuves@gmail.com>
Date: Tue, 21 Jan 2025 12:34:07 +0100
Subject: [PATCH] sponge construction for field elements + haskell reference
 impl.

---
 README.md                            |   8 +-
 reference/README.md                  |   5 +
 reference/src/BN254.hs               |  31 ++++++
 reference/src/Permutation.hs         |  64 ++++++++++++
 reference/src/RoundConsts.hs         | 130 ++++++++++++++++++++++++
 reference/src/Sponge.hs              |  64 ++++++++++++
 src/lib.rs                           |   3 +-
 src/{poseidon2.rs => permutation.rs} |  15 ++-
 src/sponge.rs                        | 146 +++++++++++++++++++++++++++
 9 files changed, 461 insertions(+), 5 deletions(-)
 create mode 100644 reference/README.md
 create mode 100644 reference/src/BN254.hs
 create mode 100644 reference/src/Permutation.hs
 create mode 100644 reference/src/RoundConsts.hs
 create mode 100644 reference/src/Sponge.hs
 rename src/{poseidon2.rs => permutation.rs} (94%)
 create mode 100644 src/sponge.rs

diff --git a/README.md b/README.md
index c8d0f4f..c416198 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,10 @@
 `rust-poseidon2-bn254`
 --------------------
 
-Rust implementation of the Poseidon2 hash function over the BN254 curve's scalar field
-(with `t=3`). 
+Rust implementation of the Poseidon2 hash function over the BN254 curve's scalar field,
+with permutation state width `t=3`. 
+
+Currently using [arkworks](https://github.com/arkworks-rs) for field arithmetic
+(maybe replace it with something more light-weight in the future...)
 
-Currently using [arkworks](https://github.com/arkworks-rs) for field arithmetic.
 
diff --git a/reference/README.md b/reference/README.md
new file mode 100644
index 0000000..eb47047
--- /dev/null
+++ b/reference/README.md
@@ -0,0 +1,5 @@
+
+Reference implementation in Haskell
+-----------------------------------
+
+This is for generating test vectors.
diff --git a/reference/src/BN254.hs b/reference/src/BN254.hs
new file mode 100644
index 0000000..69abcdc
--- /dev/null
+++ b/reference/src/BN254.hs
@@ -0,0 +1,31 @@
+
+-- | The BN254 scalar field
+
+module BN254 where
+
+--------------------------------------------------------------------------------
+
+newtype F = MkF Integer deriving (Eq,Show)
+
+fromF :: F -> Integer
+fromF (MkF x) = x
+
+toF :: Integer -> F
+toF = MkF . modP
+
+fieldPrime :: Integer
+fieldPrime = 21888242871839275222246405745257275088548364400416034343698204186575808495617
+
+modP :: Integer -> Integer
+modP x = mod x fieldPrime
+
+instance Num F where
+  fromInteger = toF . fromInteger
+  negate (MkF x)         = toF (negate x)
+  (+)    (MkF x) (MkF y) = toF (x+y)
+  (-)    (MkF x) (MkF y) = toF (x-y)
+  (*)    (MkF x) (MkF y) = toF (x*y)
+  abs    x = x
+  signum _ = toF 1  
+
+--------------------------------------------------------------------------------
\ No newline at end of file
diff --git a/reference/src/Permutation.hs b/reference/src/Permutation.hs
new file mode 100644
index 0000000..5234b37
--- /dev/null
+++ b/reference/src/Permutation.hs
@@ -0,0 +1,64 @@
+
+
+-- | The Poseidon2 permutation
+
+module Permutation where
+
+--------------------------------------------------------------------------------
+
+import Data.Word
+
+import RoundConsts
+import BN254
+
+--------------------------------------------------------------------------------
+
+type State a = (a,a,a)
+
+--------------------------------------------------------------------------------
+
+sbox :: F -> F
+sbox x = x4*x where
+  x2 = x *x
+  x4 = x2*x2
+
+internalRound :: F -> State F -> State F 
+internalRound c (x,y,z) = 
+  ( 2*x' +   y +   z 
+  ,   x' + 2*y +   z 
+  ,   x' +   y + 3*z 
+  )
+  where
+    x' = sbox (x + c) 
+
+externalRound :: State F -> State F -> State F
+externalRound (cx,cy,cz) (x,y,z) = (x'+s , y'+s , z'+s) where
+  x' = sbox (x + cx)
+  y' = sbox (y + cy)
+  z' = sbox (z + cz)
+  s  = x' + y' + z'
+
+linearLayer :: State F -> State F
+linearLayer (x,y,z) = (x+s, y+s, z+s) where s = x+y+z
+
+--------------------------------------------------------------------------------
+
+permute :: State F -> State F
+permute 
+  = (\state -> foldl (flip externalRound) state finalRoundConsts   )
+  . (\state -> foldl (flip internalRound) state internalRoundConsts)
+  . (\state -> foldl (flip externalRound) state initialRoundConsts )
+  . linearLayer
+
+--------------------------------------------------------------------------------
+
+compress :: (F,F) -> F
+compress (x,y) = fst3 $ permute (x,y,0)
+
+keyedCompress :: Word -> (F,F) -> F
+keyedCompress key (x,y) = fst3 $ permute (x,y,fromIntegral key)
+
+--------------------------------------------------------------------------------
+
+fst3 :: (a,b,c) -> a
+fst3 (x,_,_) = x
diff --git a/reference/src/RoundConsts.hs b/reference/src/RoundConsts.hs
new file mode 100644
index 0000000..5e5009e
--- /dev/null
+++ b/reference/src/RoundConsts.hs
@@ -0,0 +1,130 @@
+
+
+module RoundConsts where
+
+--------------------------------------------------------------------------------
+
+import BN254
+
+--------------------------------------------------------------------------------
+
+{-
+matDiag3 :: [[F]]
+matDiag3 = 
+  [ [1,0,0]
+  , [0,1,0]
+  , [0,0,2]
+  ]
+
+matInternal3 :: [[F]]
+matInternal3 = 
+  [ [2,1,1]
+  , [1,2,1]
+  , [1,1,3]
+  ]
+-}
+
+--------------------------------------------------------------------------------
+
+initialRoundConsts :: [(F,F,F)]
+initialRoundConsts =
+  [ ( 0x2c4c51fd1bb9567c27e99f5712b49e0574178b41b6f0a476cddc41d242cf2b43
+    , 0x1c5f8d18acb9c61ec6fcbfcda5356f1b3fdee7dc22c99a5b73a2750e5b054104
+    , 0x2d3c1988b4541e4c045595b8d574e98a7c2820314a82e67a4e380f1c4541ba90 
+    )
+  , ( 0x052547dc9e6d936cab6680372f1734c39f490d0cb970e2077c82f7e4172943d3
+    , 0x29d967f4002adcbb5a6037d644d36db91f591b088f69d9b4257694f5f9456bc2
+    , 0x0350084b8305b91c426c25aeeecafc83fc5feec44b9636cb3b17d2121ec5b88a
+    )
+  , ( 0x1815d1e52a8196127530cc1e79f07a0ccd815fb5d94d070631f89f6c724d4cbe
+    , 0x17b5ba882530af5d70466e2b434b0ccb15b7a8c0138d64455281e7724a066272
+    , 0x1c859b60226b443767b73cd1b08823620de310bc49ea48662626014cea449aee
+    )
+  , ( 0x1b26e7f0ac7dd8b64c2f7a1904c958bb48d2635478a90d926f5ff2364effab37
+    , 0x2da7f36850e6c377bdcdd380efd9e7c419555d3062b0997952dfbe5c54b1a22e
+    , 0x17803c56450e74bc6c7ff97275390c017f682db11f3f4ca6e1f714efdfb9bd66
+    )
+  ]
+
+internalRoundConsts :: [F]
+internalRoundConsts =
+  [ 0x15ce7e5ae220e8623a40b3a3b22d441eff0c9be1ae1d32f1b777af84eea7e38c
+  , 0x1bf60ac8bfff0f631983c93e218ca0d4a4059c254b4299b1d9984a07edccfaf0
+  , 0x0fab0c9387cb2bec9dc11b2951088b9e1e1d2978542fc131f74a8f8fdac95b40
+  , 0x07d085a48750738019784663bccd460656dc62c1b18964a0d27a5bd0c27ee453
+  , 0x10d57b1fad99da9d3fe16cf7f5dae05be844f67b2e7db3472a2e96e167578bc4
+  , 0x0c36c40f7bd1934b7d5525031467aa39aeaea461996a70eda5a2a704e1733bb0
+  , 0x0e4b65a0f3e1f9d3166a2145063c999bd08a4679676d765f4d11f97ed5c080ae
+  , 0x1ce5561061120d5c7ea09da2528c4c041b9ad0f05d655f38b10d79878b69f29d
+  , 0x2d323f651c3da8f0e0754391a10fa111b25dfa00471edf5493c44dfc3f28add6
+  , 0x05a0741ee5bdc3e099fd6bdad9a0865bc9ceecd13ea4e702e536dd370b8f1953
+  , 0x176a2ec4746fc0e0eca9e5e11d6facaee05524a92e5785c8b8161780a4435136
+  , 0x0691faf0f42a9ed97629b1ae0dc7f1b019c06dd852cb6efe57f7eeb1aa865aef
+  , 0x0e46cf138dad09d61b9a7cab95a23b5c8cb276874f3715598bacb55d5ad271de
+  , 0x0f18c3d95bac1ac424160d240cdffc2c44f7b6315ba65ed3ff2eff5b3e48b4f2
+  , 0x2eea6af14b592ec45a4119ac1e6e6f0312ecd090a096e340d472283e543ddff7
+  , 0x06b0d7a8f4ce97d049ae994139f5f71dca4899d4f1cd3dd83a32a89a58c0a8e6
+  , 0x019df0b9828eed5892dd55c1ad6408196f6293d600ef4491703a1b37e119ba8e
+  , 0x08ca5e3c93817cdb1c2b2a12d02c779d74c1bb12b6668f3ab3ddd7837f3a4a00
+  , 0x28382d747e3fd6cb2e0d8e8edd79c5313eed307a3517c11046245b1476e4f701
+  , 0x0ca89aecd5675b77c8271765da98cfcb6875b3053d4742c9ff502861bd16ad28
+  , 0x19046bc0b03ca90802ec83f212001e7ffd7f9224cfffae523451deb52eab3787
+  , 0x036fd7dfa1c05110b3428e6abcc43e1de9abba915320c4a600f843bfb676ca51
+  , 0x08f0a7abcb1a2f6595a9b7380c5028e3999db4fe5cb21892e5bb5cb11a7757ba
+  , 0x0b614acc1ce3fbe9048f8385e4ee24c3843deea186bacea3c904c9f6340ad8cb
+  , 0x00b2d98c5d988f9b41f2c98e017fc954a6ae423b2261575941f8eac8835d985c
+  , 0x1457f18555b7973ba5b311d57ec5d77e936980b97f5973875f1f7cc765a4fc95
+  , 0x002b453debc1bee525cb751bc10641a6b86f847d696418cf1144950982591bfa
+  , 0x0c2af1abcc6ece77218315d2af445ccbfc6647b7af2510682882cc792c6bb8cf
+  , 0x0e2825d9eb84b59902a1adb49ac0c2c291dee7c45d2e8c30369a4d595039e8ad
+  , 0x297e2e86a8c672d39f3343b8dfce7a6f20f3571bfd5c8a28e3905aa2dcfeca44
+  , 0x00d397281d902e49ec6504ba9186e806db9ad4fc8f86e7277aa7f1467eb6f9de
+  , 0x2fb7c89c372d7e2050e7377ed471000c73544a2b9fd66557f3577c09cac98b4b
+  , 0x16125247be4387a8c3e62490167f0cffdba02eda4f018d0b40639a13bb0cfef9
+  , 0x2291fd9d442f2d9b97ab22f7d4d52c2a82e41f852cf620b144612650a39e26e8
+  , 0x1eec61f16a275ae238540feaeeadfec56d32171b1cc393729d06f37f476fde71
+  , 0x259ce871ba5dacbb48d8aed3d8513eef51558dc0b360f28c1a15dbfc5e7f6ca2
+  , 0x2d3376a14ddbf95587e2f7567ff04fe13a3c7cb17363c8b9c5dd1d9262a210cb
+  , 0x13b843d9f65f4cddd7ce10d9cad9b8b99ac5e9a8c4269288173a91c0f3c3b084
+  , 0x0b52e9b2f1aa9fd204e4a42c481cc76c704783e34114b8e93e026a50fa9764e8
+  , 0x1fd083229276c7f27d3ad941476b394ff37bd44d3a1e9caca1400d9077a2056c
+  , 0x22743c328a6283f3ba7379af22c684c498568fd7ad9fad5151368c913197cbd9
+  , 0x043007aefd9741070d95caaaba0c1b070e4eec8eef8c1e512c8e579c6ed64f76
+  , 0x17ab175144f64bc843074f6b3a0c57c5dd2c954af8723c029ee642539496a7b3
+  , 0x2befcad3d53fba5eeef8cae9668fed5c1e9e596a46e8458e218f7a665fddf4eb
+  , 0x15151c4116d97de74bfa6ca3178f73c8fe8fe612c70c6f85a7a1551942cb71cc
+  , 0x2ac40bf6c3176300a6835d5fc7cc4fd5e5d299fb1baa86487268ec1b9eedfa97
+  , 0x0f151de1f01b4e24ffe04279318f0a68efabb485188f191e37e6915ff6059f6e
+  , 0x2e43dffc34537535182aebac1ad7bf0a5533b88f65f9652f0ad584e2ffc4dd1f
+  , 0x2ebabc2c37ef53d8b13b24a2a2b729d536735f58956125a3876da0664c2442d7
+  , 0x0dc3beceb34e49f5ad7226dd202c5cf879dffcc9a6dd32a300e8f2a4b59edf03
+  , 0x2f1ddeccce83adf68779c53b639871a8f81d4d00aefe1e812efce8ec999d457d
+  , 0x1f63e41280ff5c021715d52b19780298ed8bd3d5eb506316b527e24149d4d4f1
+  , 0x1b8c1252a5888f8cb2672effb5df49c633d3fd7183271488a1c40d0f88e7636e
+  , 0x0f45697130f5498e2940568ef0d5e9e16b1095a6cdbb6411df20a973c605e70b
+  , 0x0780ccc403cdd68983acbd34cda41cacfb2cf911a93076bc25587b4b0aed4929
+  , 0x238d26ca97c691591e929f32199a643550f325f23a85d420080b289d7cecc9d4
+  ]
+
+finalRoundConsts :: [(F,F,F)]
+finalRoundConsts =
+  [ ( 0x25672a14b5d085e31a30a7e1d5675ebfab034fb04dc2ec5e544887523f98dede
+    , 0x0cf702434b891e1b2f1d71883506d68cdb1be36fa125674a3019647b3a98accd
+    , 0x1837e75235ff5d112a5eddf7a4939448748339e7b5f2de683cf0c0ae98bdfbb3
+    ) 
+  , ( 0x1cd8a14cff3a61f04197a083c6485581a7d836941f6832704837a24b2d15613a
+    , 0x266f6d85be0cef2ece525ba6a54b647ff789785069882772e6cac8131eecc1e4
+    , 0x0538fde2183c3f5833ecd9e07edf30fe977d28dd6f246d7960889d9928b506b3
+    ) 
+  , ( 0x07a0693ff41476abb4664f3442596aa8399fdccf245d65882fce9a37c268aa04
+    , 0x11eb49b07d33de2bd60ea68e7f652beda15644ed7855ee5a45763b576d216e8e
+    , 0x08f8887da6ce51a8c06041f64e22697895f34bacb8c0a39ec12bf597f7c67cfc
+    ) 
+  , ( 0x2a912ec610191eb7662f86a52cc64c0122bd5ba762e1db8da79b5949fdd38092
+    , 0x2031d7fd91b80857aa1fef64e23cfad9a9ba8fe8c8d09de92b1edb592a44c290
+    , 0x0f81ebce43c47711751fa64d6c007221016d485641c28c507d04fd3dc7fba1d2
+    ) 
+  ]
+
+--------------------------------------------------------------------------------
+    
\ No newline at end of file
diff --git a/reference/src/Sponge.hs b/reference/src/Sponge.hs
new file mode 100644
index 0000000..6d90ecb
--- /dev/null
+++ b/reference/src/Sponge.hs
@@ -0,0 +1,64 @@
+
+{-# LANGUAGE RecordWildCards #-}
+module Sponge where
+
+--------------------------------------------------------------------------------
+
+import BN254
+import Permutation
+
+--------------------------------------------------------------------------------
+
+data Config = Config 
+  { rate    :: Int       -- ^ rate of the sponge
+  , width   :: Int       -- ^ width of the permutation
+  , nbits   :: Int       -- ^ number of bits in the input elements (eg: 1,8,64,254)
+  , padding :: Int       -- ^ padding strategy (255 => no padding; 1 => @10*@ padding)
+  }
+  deriving Show
+
+-- | @IV := 2^64 + 2^24*padding + 2^16*nbits + 2^8*t + rate@
+domainSep :: Config -> F
+domainSep (Config{..}) 
+  = fromIntegral rate 
+  + fromIntegral width   * (2^8 )
+  + fromIntegral nbits   * (2^16)
+  + fromIntegral padding * (2^24)
+  + fromInteger            (2^64)
+
+--------------------------------------------------------------------------------
+
+-- | Sponge construction with rate=2 (capacity=1), zero IV and 10* padding
+feltSpongeWithPad :: [F] -> F
+feltSpongeWithPad input = go (0,0,civ) (pad_10star input) where
+  -- domain separation capacity IV
+  civ = domainSep $ Config { rate = 2 , width = 3 , nbits = 254 , padding = 1 }
+
+  go (sx,_ ,_ ) []         = sx
+  go (sx,sy,sz) (a:b:rest) = go state' rest where 
+    state' = permute (sx+a, sy+b, sz)
+
+pad_10star :: [F] -> [F]
+pad_10star = go where
+  go (x:y:rest) = x : y : go rest
+  go [x]        = [x,1]
+  go []         = [1,0]
+
+--------------------------------------------------------------------------------
+
+-- | Sponge construction with rate=2 (capacity=1), zero IV and no padding
+feltSpongeWithoutPad :: [F] -> F
+feltSpongeWithoutPad input
+  | input == []   = error "the combination of empty input and no padding is not allowed!"
+  | otherwise     = fst3 $ go (0,0,civ) input where
+
+  -- domain separation capacity IV
+  civ = domainSep $ Config { rate = 2 , width = 3 , nbits = 254 , padding = 255 }
+
+  add (x,y) (sx,sy,sz) = (sx+x, sy+y, sz)
+
+  go state []         =                         state
+  go state [a]        =     permute $ add (a,0) state
+  go state (a:b:rest) = go (permute $ add (a,b) state) rest
+
+--------------------------------------------------------------------------------
diff --git a/src/lib.rs b/src/lib.rs
index 3989442..b257513 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,2 +1,3 @@
 mod constants;
-pub mod poseidon2;
+pub mod permutation;
+pub mod sponge;
diff --git a/src/poseidon2.rs b/src/permutation.rs
similarity index 94%
rename from src/poseidon2.rs
rename to src/permutation.rs
index 10bd271..042d43a 100644
--- a/src/poseidon2.rs
+++ b/src/permutation.rs
@@ -7,7 +7,20 @@ use crate::constants::*;
 //------------------------------------------------------------------------------
 
 #[derive(Copy, Clone, Debug, PartialEq, Eq)] 
-pub struct State { x: F, y: F, z: F } 
+pub struct State 
+  { pub x: F
+  , pub y: F
+  , pub z: F 
+} 
+
+// cannot be a constant, because stupid rust people...
+pub fn zero_state() -> State {
+  State 
+    { x: F::zero()
+    , y: F::zero()
+    , z: F::zero()
+    }
+}
 
 //------------------------------------------------------------------------------
 
diff --git a/src/sponge.rs b/src/sponge.rs
new file mode 100644
index 0000000..08f962e
--- /dev/null
+++ b/src/sponge.rs
@@ -0,0 +1,146 @@
+
+use ark_ff::prelude::{Zero,One};
+use ark_bn254::Fr as F;
+
+use crate::permutation::*;
+
+//------------------------------------------------------------------------------
+
+//
+// domain separation.
+// we use 
+// 
+//   IV := 2^64 + 2^24*padding + 2^16*nbits + 2^8*t + rate
+//
+// in the capacity position, so the inital state is `(0,0,IV)`
+//
+// where `nbits` is the number of the bits in the input type:
+//   u = 1    -> bit sequence
+//   u = 8    -> byte sequence
+//   u = 64   -> u64 sequence
+//   u = 254  -> BN254 scalar field element sequence 
+//
+// and padding encodes the padding strategy:
+//
+//   p = 0    -> no padding (only safe with constant length inputs!)
+//   p = 1    -> `10*` padding strategy
+//
+
+fn domain_separator(rate: usize, state_size: usize, input_bits: usize, padding: usize) -> F {
+  let low:  u128 = ( rate + (state_size<<8) + (input_bits<<16) + (padding<<24) ) as u128;
+  let high: u128 = 1 << 64;
+  let domsep = F::from(high + low);
+  println!("domsep = {:?}", domsep );
+  domsep
+}
+
+//------------------------------------------------------------------------------
+
+// hash of field elements with the `10*` padding stategy (rate=2, capacity=1)
+pub fn sponge_felts_pad(xs: Vec<F>) -> F {
+  let l: usize = xs.len();
+  let m: usize = l / 2;
+  let mut state: State = zero_state();
+  state.z = domain_separator(2, 3, 254, 1);
+  for i in 0..m {
+    state.x += xs[2*i  ];
+    state.y += xs[2*i+1];
+    permute_inplace(&mut state);
+  }
+  if (l & 1) == 0 {
+    // even
+    state.x += F::one();
+    state.y += F::zero();
+    permute_inplace(&mut state);
+  }
+  else {
+    // odd
+    state.x += xs[2*m];
+    state.y += F::one();
+    permute_inplace(&mut state);
+  }
+  state.x  
+}
+
+//------------------------------------------------------------------------------
+
+// hash of field elements without padding (rate=2, capacity=1)
+pub fn sponge_felts_no_pad(xs: Vec<F>) -> F {
+  let l: usize = xs.len();
+  assert!( l > 0 , "calling a sponge without padding for an empty input is not allowed");
+  let m: usize = l / 2;
+  let mut state: State = zero_state();
+  state.z = domain_separator(2, 3, 254, 255);
+  for i in 0..m {
+    state.x += xs[2*i  ];
+    state.y += xs[2*i+1];
+    permute_inplace(&mut state);
+  }
+  if (l & 1) == 0 {
+    // even
+  }
+  else {
+    // odd
+    state.x += xs[2*m];
+    permute_inplace(&mut state);
+  }
+  state.x  
+}
+
+//------------------------------------------------------------------------------
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+  use ark_std::str::FromStr;
+
+   #[test]
+  fn sponge_felt_pad_kats() {
+    let expected_results_rate2: [F; 9] =
+      [ F::from_str("19499082269592267598445447545057958665614609297846978854367973542689225942769").unwrap()
+      , F::from_str("18575012789231469229884764324941297325518518125159947154666143736134627612926").unwrap()
+      , F::from_str("8497041170554791294461959662381834821683188757759653310126334787903454881833" ).unwrap()
+      , F::from_str("7477361136953606818741895260704612015724121297282898803513690475311354933324" ).unwrap()
+      , F::from_str("124468679175306239235509344657309567209200730228442938605071013597332255858"  ).unwrap()
+      , F::from_str("16623067489256565233778087665060282683386099247772442960143578746217625299219").unwrap()
+      , F::from_str("11486960019850145257815352297225482939271961443661416961989480881863168607026").unwrap()
+      , F::from_str("20420541301992412878354329495337915388337723490334029715201499395107517967097").unwrap()
+      , F::from_str("15368493599988308785714434050658408098972196808672741268698522157366881904768").unwrap()
+      ];
+    for n in 0..9 {
+      let mut input: Vec<F> = vec![];
+      for i in 0..n { 
+        input.push( F::from( (i+1) as u64 ) ); 
+      }
+      println!("{} -> {:?}",n,input);
+      let hash = sponge_felts_pad(input);
+      assert_eq!( hash, expected_results_rate2[n] );
+    }
+  }
+
+
+  #[test]
+  fn sponge_felt_no_pad_kats() {
+    let expected_results_rate2: [F; 8] =
+      [ F::from_str("12436596435061241139494609254441532101975156984785247438430218269367637564721").unwrap()
+      , F::from_str("13776645629657805681320936464215569484592532014724269311132107597767076186080").unwrap()
+      , F::from_str("15672651940583329603224775244906975133219543544569309474870924637674069574381").unwrap()
+      , F::from_str("18344230412728640899019354443202382658669360934913267412359635786624065034390").unwrap()
+      , F::from_str("17677852938281982781904616714585735700373643150759519434566383135318143611879").unwrap()
+      , F::from_str("5497863312684999074711437591834873546200107612265319209549992389042679138148" ).unwrap()
+      , F::from_str("18463022787715726219296039697387566904347367917209714404058652712879402042682").unwrap()
+      , F::from_str("3701269753452043827901155479778455778316871093798312420317871137452978084903" ).unwrap()
+      ];
+    for n in 1..9 {
+      let mut input: Vec<F> = vec![];
+      for i in 0..n { 
+        input.push( F::from( (i+1) as u64 ) ); 
+      }
+      println!("{} -> {:?}",n,input);
+      let hash = sponge_felts_no_pad(input);
+      assert_eq!( hash, expected_results_rate2[n-1] );
+    }
+  }
+
+
+}