-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(Potential) Mismatch with Poseidon Hash paper #147
Comments
Since @DrPeterVanNostrand wrote this code, I will restrict my initial comments to surface impressions from comparison with the reference implementation. All else aside, I believe we have tests establishing that the code here generates the same values as the reference code for width up to 125. That said, it would obviously be beneficial to clear up any imprecision or discrepancies. I'd like to hear @DrPeterVanNostrand's opinion on the issue (problem, best fix) before digging in further myself. The line you quote seems to be an almost direct port from the original reference implementation. For clarity, are you suggesting that implementation is also wrong? It does look like line 83 assumes The same comment applies to line 84. |
Thanks for the quick reply!
|
Hi, @BoyuanFeng. It seems @DrPeterVanNostrand has not had time to look into the main details you raised yet. With regards to 2. above, I'm not sure why the Table 2 you linked has those numbers. The version of the paper that was current when |
Looking a little more closely, this particular discrepancy (number 2 above) seems likely to stem from the introduction of a 'security margin' (section 5.4), arbitrarily chosen to be 7.5% for the numbers used in Table 2. This seems to be analogous to the |
Thanks for the wonderful work!
It seems there are a few (potential) mismatches between round_numbers.rs and the Poseidon Hash paper. Is there any reason for this mismatch? More specifically,
let rf_interp = 0.43 * m + t.log2() - rp;
. In Poseidon Hash paper, Eq (3) requiresFor BLS12-381 with , M=128, and , we should add something like
log_5(t)
instead oft.log2()
.The text was updated successfully, but these errors were encountered: