Expand description
Full (external) round layers for the Poseidon1 permutation.
§Overview
Full rounds apply the S-box to every state element, providing strong resistance against statistical attacks (differential, linear, truncated differential, rebound). The Poseidon1 paper requires at least RF = 6 full rounds for 128-bit security against these attacks (see Section 5 and Appendix C of the paper).
§Round Structure
Each full round applies three operations in sequence:
state → AddRoundConstants → S-box(all elements) → MDS multiply → state'The MDS multiply is dispatched via the Permutation trait, allowing concrete fields
to use fast convolution (e.g., Karatsuba) while generic Algebra<F> types fall back
to O(t^2) dense multiplication.
§Cost
Each full round costs t S-box evaluations + O(t^2) for the dense MDS multiply, giving a total full-round cost of O(RF * t^2). Since RF is small (typically 8), this is acceptable even for large t.
Structs§
- Full
Round Constants - Pre-computed constants for the full (external) rounds.
Traits§
- Full
Round Layer - The full (external) round layer of the Poseidon1 permutation.
- Full
Round Layer Constructor - Construct a full round layer from pre-computed constants.
Functions§
- full_
round_ initial_ permute_ state - Apply the initial full rounds (generic implementation).
- full_
round_ terminal_ permute_ state - Apply the terminal full rounds (generic implementation).
- mds_
multiply - Dense matrix-vector multiplication in O(t^2).