• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • C
      • Proof-checker-array
      • Soft
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Ethereum
      • Leftist-trees
      • Java
      • Riscv
      • Taspi
      • Bitcoin
      • Zcash
      • Des
      • X86isa
      • Sha-2
      • Yul
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Axe
      • Poseidon
        • Poseidon-main-definition
        • Poseidon-instantiations
          • Poseidon-ingonyama-bls-255-neptune
          • Poseidon-ingonyama-bls-255
          • Poseidon-ingonyama-bn-254
            • Ingonyama-bn-254-hash
            • Ingonyama-bn-254--parameters
          • Poseidon-rate-8-alpha-17
          • Poseidon-rate-4-alpha-17
          • Poseidon-rate-2-alpha-17
      • Where-do-i-place-my-book
      • Aleo
      • Bigmems
      • Builtins
      • Execloader
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Community
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Poseidon-instantiations

Poseidon-ingonyama-bn-254

Instantiation of Poseidon used by Ingonyama for the BN-254 scalar field.

This is an instantiation of the Poseidon permutation used by Ingonyama, as described in the URL below. It uses the Poseidon permutation but not any sponge absorb or squeeze steps. The number of input field elements is constrained to be no more than t = c + r, and they are loaded directly into both the capacity and rate field elements, left padded with zeros if needed to bring the total to t field elements. The output is a single field element taken from t[1], which is equivalent to the first element of the rate r[0]. See the Github repository.

This particular instantiation has 1 capacity and 2 rate field elements, 8 full rounds, 57 partial rounds, and an alpha of 5. The field is the prime order of the group defined by BN-254, which is also the base field in which the Baby Jubjub curve is defined.

There is no domain separation defined for this instantiation, so the caller must make sure to do their own padding and not to expect different results for inputs of [1] and [0,1], for example

Note, there is also a test case for this instantiation in the source file ingonyama-hash-tests.lisp.

Subtopics

Ingonyama-bn-254-hash
Hash no more than c + r inputs to a single field element output.
Ingonyama-bn-254--parameters
Poseidon parameters for Ingonyama BN-254 rate 2 implementation.