Struct miden_crypto::hash::rpo::Rpo256

source · 
pub struct Rpo256(/* private fields */);
Expand description

Implementation of the Rescue Prime Optimized hash function with 256-bit output.

The hash function is implemented according to the Rescue Prime Optimized specifications

The parameters used to instantiate the function are:

  • Field: 64-bit prime field with modulus 2^64 - 2^32 + 1.
  • State width: 12 field elements.
  • Capacity size: 4 field elements.
  • Number of founds: 7.
  • S-Box degree: 7.

The above parameters target 128-bit security level. The digest consists of four field elements and it can be serialized into 32 bytes (256 bits).

Hash output consistency

Functions hash_elements(), merge(), and merge_with_int() are internally consistent. That is, computing a hash for the same set of elements using these functions will always produce the same result. For example, merging two digests using merge() will produce the same result as hashing 8 elements which make up these digests using hash_elements() function.

However, hash() function is not consistent with functions mentioned above. For example, if we take two field elements, serialize them to bytes and hash them using hash(), the result will differ from the result obtained by hashing these elements directly using hash_elements() function. The reason for this difference is that hash() function needs to be able to handle arbitrary binary strings, which may or may not encode valid field elements - and thus, deserialization procedure used by this function is different from the procedure used to deserialize valid field elements.

Thus, if the underlying data consists of valid field elements, it might make more sense to deserialize them into field elements and then hash them using hash_elements() function rather then hashing the serialized bytes using hash() function.

Implementations§

source§

impl Rpo256

source

pub const NUM_ROUNDS: usize = 7usize

The number of rounds is set to 7 to target 128-bit security level.

source

pub const STATE_WIDTH: usize = 12usize

Sponge state is set to 12 field elements or 768 bytes; 8 elements are reserved for rate and the remaining 4 elements are reserved for capacity.

source

pub const RATE_RANGE: Range<usize> = RATE_RANGE

The rate portion of the state is located in elements 4 through 11 (inclusive).

source

pub const CAPACITY_RANGE: Range<usize> = CAPACITY_RANGE

The capacity portion of the state is located in elements 0, 1, 2, and 3.

source

pub const DIGEST_RANGE: Range<usize> = DIGEST_RANGE

The output of the hash function can be read from state elements 4, 5, 6, and 7.

source

pub const MDS: [[Felt; 12]; 12] = MDS

MDS matrix used for computing the linear layer in a RPO round.

source

pub const ARK1: [[Felt; 12]; 7] = ARK1

Round constants added to the hasher state in the first half of the RPO round.

source

pub const ARK2: [[Felt; 12]; 7] = ARK2

Round constants added to the hasher state in the second half of the RPO round.

source

pub fn hash(bytes: &[u8]) -> RpoDigest

Returns a hash of the provided sequence of bytes.

source

pub fn merge(values: &[RpoDigest; 2]) -> RpoDigest

Returns a hash of two digests. This method is intended for use in construction of Merkle trees and verification of Merkle paths.

source

pub fn hash_elements<E: FieldElement<BaseField = Felt>>( elements: &[E] ) -> RpoDigest

Returns a hash of the provided field elements.

source

pub fn merge_in_domain(values: &[RpoDigest; 2], domain: Felt) -> RpoDigest

Returns a hash of two digests and a domain identifier.

source

pub fn apply_permutation(state: &mut [Felt; 12])

Applies RPO permutation to the provided state.

source

pub fn apply_round(state: &mut [Felt; 12], round: usize)

RPO round function.

Trait Implementations§

source§

impl Clone for Rpo256

source§

fn clone(&self) -> Rpo256

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Rpo256

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl ElementHasher for Rpo256

§

type BaseField = BaseElement

Specifies a base field for elements which can be hashed with this hasher.
source§

fn hash_elements<E: FieldElement<BaseField = Self::BaseField>>( elements: &[E] ) -> Self::Digest

Returns a hash of the provided field elements.
source§

impl Hasher for Rpo256

source§

const COLLISION_RESISTANCE: u32 = 128u32

Rpo256 collision resistance is the same as the security level, that is 128-bits.

Collision resistance

However, our setup of the capacity registers might drop it to 126.

Related issue: #69

§

type Digest = RpoDigest

Specifies a digest type returned by this hasher.
source§

fn hash(bytes: &[u8]) -> Self::Digest

Returns a hash of the provided sequence of bytes.
source§

fn merge(values: &[Self::Digest; 2]) -> Self::Digest

Returns a hash of two digests. This method is intended for use in construction of Merkle trees.
source§

fn merge_with_int(seed: Self::Digest, value: u64) -> Self::Digest

Returns hash(seed || value). This method is intended for use in PRNG and PoW contexts.
source§

impl PartialEq for Rpo256

source§

fn eq(&self, other: &Rpo256) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Copy for Rpo256

source§

impl Eq for Rpo256

source§

impl StructuralEq for Rpo256

source§

impl StructuralPartialEq for Rpo256

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.