The current pedersen::hash_buffer method, which hashes a buffer of bytes, is non-canonical. It splits the bytes into 31-byte field elements and then performs a pairwise hash.
i.e. we compute H(elements[0], H(elements[1], ..., H(elements[n-1]))) instead of H(elements[0], elements[1], ..., elements[n-1])
We do this in order to keep the UltraPlonk recursive verification circuit under 2^19 constraints (pairwise Pedersen hashes are very efficient due to using Plookup tables. Larger hashes cannot, as we cannot spare the table space for more than 2 generators).
Once Poseidon is implemented, it should be more efficient than Pedersen when hashing large amounts of data. We can therefore replace current uses with Poseidon, and make pedersen::hash_buffer's behavior more canonical, or potentially remove it altogether.
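The two constructions contrasted in the issue, as an added sketch that is not the project's code: it follows the issue's formula literally (innermost call is `H(elements[n-1])`) and records the arity of each hash call. Assumptions: `H` is a SHA-256 stand-in rather than Pedersen, the field is the BN254 scalar field, chunks are read big-endian without padding, and all function names are hypothetical.

```python
import hashlib

# Assumed field: BN254 scalar field modulus (about 2^254, so any 31-byte chunk fits).
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617
CHUNK = 31  # bytes per field element, as stated in the issue
ARITIES = []  # arity of every H call, recorded so the two shapes can be compared


def to_elements(buf: bytes) -> list:
    """Split a buffer into 31-byte chunks, each read as a big-endian integer (assumed encoding)."""
    if not buf:
        raise ValueError("empty buffer: behaviour is not described in the issue")
    elems = [int.from_bytes(buf[i:i + CHUNK], "big") for i in range(0, len(buf), CHUNK)]
    assert all(e < R for e in elems)  # 2^248 < R, so no chunk needs reduction
    return elems


def H(*elems: int) -> int:
    """Stand-in hash (NOT Pedersen): SHA-256 over arity and 32-byte encodings, reduced mod R."""
    ARITIES.append(len(elems))
    h = hashlib.sha256(len(elems).to_bytes(4, "big"))
    for e in elems:
        h.update(e.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % R


def hash_nested(elems: list) -> int:
    """H(e[0], H(e[1], ..., H(e[n-1]))): no call ever takes more than two inputs."""
    acc = H(elems[-1])
    for e in reversed(elems[:-1]):
        acc = H(e, acc)
    return acc


def hash_flat(elems: list) -> int:
    """H(e[0], e[1], ..., e[n-1]): one call whose arity grows with the buffer."""
    return H(*elems)


def call_arities(fn, elems: list) -> list:
    """Run fn over elems and return the arity of each H call it made, in order."""
    ARITIES.clear()
    fn(elems)
    return list(ARITIES)


SAMPLE = bytes(range(100))  # constructed input: 100 bytes -> chunks of 31, 31, 31, 7
```

The nested form keeps every call at arity 2 or less, which is the property the issue ties to the limited generator table space, but its digest differs from the flat form for any buffer longer than one chunk, so the two are not interchangeable.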