PoseidonEx and dependencies

iden3 · Jun 17, 2022 · db02024 · db02024
1 parent f35580b
commit db02024
Show file tree

Hide file tree

Showing 19 changed files with 1,159 additions and 1,022 deletions.
diff --git a/circuits/poseidon.circom b/circuits/poseidon.circom
@@ -38,13 +38,13 @@ template Mix(t, M) {
     }
 }
 
-template MixLast(t, M) {
+template MixLast(t, M, s) {
     signal input in[t];
     signal output out;
 
     var lc = 0;
     for (var j=0; j<t; j++) {
-        lc += M[j][0]*in[j];
+        lc += M[j][s]*in[j];
     }
     out <== lc;
 }
@@ -53,7 +53,7 @@ template MixS(t, S, r) {
     signal input in[t];
     signal output out[t];
 
-    
+
     var lc = 0;
     for (var i=0; i<t; i++) {
         lc += S[(t*2-1)*r+i]*in[i];
@@ -64,9 +64,10 @@ template MixS(t, S, r) {
     }
 }
 
-template Poseidon(nInputs) {
+template PoseidonEx(nInputs, nOuts) {
     signal input inputs[nInputs];
-    signal output out;
+    signal input initialState;
+    signal output out[nOuts];
 
     // Using recommended parameters from whitepaper https://eprint.iacr.org/2019/458.pdf (table 2, table 8)
     // Generated by https://extgit.iaik.tugraz.at/krypto/hadeshash/-/blob/master/code/calc_round_numbers.py
@@ -85,15 +86,15 @@ template Poseidon(nInputs) {
     component sigmaP[nRoundsP];
     component mix[nRoundsF-1];
     component mixS[nRoundsP];
-    component mixLast;
+    component mixLast[nOuts];
 
 
     ark[0] = Ark(t, C, 0);
     for (var j=0; j<t; j++) {
         if (j>0) {
             ark[0].in[j] <== inputs[j-1];
         } else {
-            ark[0].in[j] <== 0;
+            ark[0].in[j] <== initialState;
         }
     }
 
@@ -184,10 +185,24 @@ template Poseidon(nInputs) {
         sigmaF[nRoundsF-1][j].in <== mix[nRoundsF-2].out[j];
     }
 
-    mixLast = MixLast(t,M);
-    for (var j=0; j<t; j++) {
-        mixLast.in[j] <== sigmaF[nRoundsF-1][j].out;
+    for (var i=0; i<nOuts; i++) {
+        mixLast[i] = MixLast(t,M,i);
+        for (var j=0; j<t; j++) {
+            mixLast[i].in[j] <== sigmaF[nRoundsF-1][j].out;
+        }
+        out[i] <== mixLast[i].out;
     }
 
-    out <== mixLast.out;
+}
+
+template Poseidon(nInputs) {
+    signal input inputs[nInputs];
+    signal output out;
+
+    component pEx = PoseidonEx(nInputs, 1);
+    pEx.initialState <== 0;
+    for (var i=0; i<nInputs; i++) {
+        pEx.inputs[i] <== inputs[i];
+    }
+    out <== pEx.out[0];
 }