		Search-engine friendly clone of the ACL2 documentation.

Poseidon-instantiations

Poseidon-ingonyama-bls-255-neptune

Instantiation of Poseidon used by Ingonyama for Neptune.

This is an instantiation of the Poseidon permuation used by Ingonyama, as described in the URL below. It uses the Poseidon permutation but not any sponge absorb or squeeze steps. The number of input field elements is constrained to be no more than t = c + r, and they are loaded directly into both the capacity and rate field elements, left padded with zeros if needed to bring the total to t field elements. The output is a single field element taken from t[1], which is equivalent to the first element of the rate r[0]. See the Github repository.

This particular instantiation has 1 capacity and 3 rate field elements, 8 full rounds, 56 partial rounds, and an alpha of 5. The field is the prime order of the group defined by BLS12-381, which is also the base field in which the Jubjub curve is defined. Field elements require 255 bits.

There can be a domain separation field used with this instantiation. However, it is applied to the input before calling the permutation, so we do not model it here. A caller must model it separately.

Note, there is also a test case for this instantiation in the source file ingonyama-hash-tests.lisp.

Subtopics

Ingonyama-bls-255-neptune-hash: Hash no more than c + r inputs to a single field element output.
Ingonyama-bls-255-neptune--parameters: Poseidon parameters for Ingonyama BLS-255-neptune rate 3 implementation.