anemoi/bls12_381/anemoi_2_1/
mod.rs

1//! Implementation of the Anemoi permutation
2
3use super::{sbox, Felt, MontFp};
4use crate::{Anemoi, Jive, Sponge};
5use ark_ff::{One, Zero};
6/// Digest for Anemoi
7mod digest;
8/// Sponge for Anemoi
9mod hasher;
10/// Round constants for Anemoi
11mod round_constants;
12
13pub use digest::AnemoiDigest;
14
15// ANEMOI CONSTANTS
16// ================================================================================================
17
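/// Width of the permutation state, in field elements.
///
/// The state is 2 field elements (96 bytes). `RATE_WIDTH` of them form the rate and
/// the remaining `STATE_WIDTH - RATE_WIDTH` (here 1 element) are reserved for capacity.
pub const STATE_WIDTH: usize = 2;
/// Number of state elements that form the rate (1 element).
pub const RATE_WIDTH: usize = 1;

/// Number of columns: the state is split into two rows of `NUM_COLUMNS` elements each.
pub const NUM_COLUMNS: usize = 1;

/// Digest length in field elements: one element (48 bytes) is returned as digest.
pub const DIGEST_SIZE: usize = RATE_WIDTH;

/// Number of rounds of the permutation; set to 21 to provide a 128-bit security level.
pub const NUM_HASH_ROUNDS: usize = 21;

// Compile-time checks on how the parameters relate to each other. The sponge relies on a
// non-empty capacity, so an edit to one constant that breaks these relations should fail
// the build instead of silently producing a weaker instance.
const _: () = assert!(
    STATE_WIDTH == 2 * NUM_COLUMNS,
    "state must consist of two rows of NUM_COLUMNS elements"
);
const _: () = assert!(
    RATE_WIDTH >= 1 && RATE_WIDTH < STATE_WIDTH,
    "rate must be non-empty and leave at least one capacity element"
);
const _: () = assert!(
    DIGEST_SIZE <= RATE_WIDTH,
    "digest cannot be longer than the rate"
);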
32
33// ANEMOI INSTANTIATION
34// ================================================================================================
35
/// Anemoi instance over the BLS12_381 base field, using 1 column and a rate of 1.
///
/// This is a field-less marker type: it carries no data of its own, and every parameter
/// of the instance comes from its `Anemoi` trait implementation.
#[derive(Clone, Debug)]
pub struct AnemoiBls12_381_2_1;
39
/// Binds the module-level parameters, the round constants and the shared S-box
/// parameters to the `Anemoi` trait for this instance.
impl<'a> Anemoi<'a, Felt> for AnemoiBls12_381_2_1 {
    // State layout, taken from the constants declared at the top of this module.
    const WIDTH: usize = STATE_WIDTH;
    const RATE: usize = RATE_WIDTH;
    const OUTPUT_SIZE: usize = DIGEST_SIZE;
    const NUM_COLUMNS: usize = NUM_COLUMNS;
    const NUM_ROUNDS: usize = NUM_HASH_ROUNDS;

    // Round constants, borrowed from the `round_constants` submodule.
    const ARK_C: &'a [Felt] = &round_constants::C;
    const ARK_D: &'a [Felt] = &round_constants::D;

    // S-box parameters, all taken from the parent module's `sbox`.
    const ALPHA: u32 = sbox::ALPHA;
    const INV_ALPHA: Felt = sbox::INV_ALPHA;
    const BETA: u32 = sbox::BETA;
    const DELTA: Felt = sbox::DELTA;

    // Set to the same value as `BETA`.
    const GROUP_GENERATOR: u32 = sbox::BETA;

    /// Delegates to the shared `sbox::exp_by_inv_alpha` routine, passing `x` by reference.
    fn exp_by_inv_alpha(x: Felt) -> Felt {
        let base = &x;
        sbox::exp_by_inv_alpha(base)
    }
}
62
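#[cfg(test)]
mod tests {
    use super::*;

    /// Known-answer test for the S-box layer: applies `sbox_layer` to each input state
    /// in place and compares the result with the expected state at the same position.
    #[test]
    fn test_sbox() {
        // Generated from https://github.com/anemoi-hash/anemoi-hash/
        let mut input = [
            [Felt::zero(), Felt::zero()],
            [Felt::one(), Felt::one()],
            [Felt::zero(), Felt::one()],
            [Felt::one(), Felt::zero()],
            [
                MontFp!("2639505791130699847138581246185885055990948498489342305074770502258851288122761936413995271029951303782268594261940"),
                MontFp!("2453803074341438677978248529076694173935112020474275107054519301539345953282344217007938580499167344755279671258477"),
            ],
            [
                MontFp!("3826343494652146910587478037317662252994425647339827885932244558441507927524070523862223596722047642153049519958502"),
                MontFp!("2213285664123851154164399517476276086297667175750394056833936829656263514994210546846041380414442943349942556131167"),
            ],
            [
                MontFp!("1784235328212465922753432632718728940066227845167015006250965466134563711760247547998512753761878692738260037415320"),
                MontFp!("39867492833405729841610794572020155220857746021404149003111105376414058511034326417887712183989738999685433791746"),
            ],
            [
                MontFp!("1276805555513368654115849300586155645322547258070524299376715810359761599586232204047255985442457747688287778827514"),
                MontFp!("2982607816330514123837188598555171983314899149704293255595313129175663904381898191258274873537791043974472985987138"),
            ],
            [
                MontFp!("222277026251992776078878530826241946946986457602164080890346233257384167341250003945691162194269902668781766410462"),
                MontFp!("2057200503249324857095407481415403298530252968820526499874388237895978705973147153711599050530453697929352884509172"),
            ],
            [
                MontFp!("3722460117630412498731569280173727988220205878678823487737905245511347157625796082399677207483561644332555197168768"),
                MontFp!("3882220687494333104644860313120672938730758190390321402327320632977900915881572611838696400124643490862957806853209"),
            ],
        ];

        let output = [
            [
                MontFp!("2001204777610833696708894912867952078278441409969503942666029068062015825245418932221343814564507832018947136279894"),
                Felt::zero(),
            ],
            [
                MontFp!("2001204777610833696708894912867952078278441409969503942666029068062015825245418932221343814564507832018947136279901"),
                MontFp!("2"),
            ],
            [
                MontFp!("3409024350324770932167116073246649688369598710716962856079695054623192887746906059977244451934321045232801607693752"),
                MontFp!("1329263574752159191211793849573133266716936406142823755742645842982909514268936466892710969217855617281191220461747"),
            ],
            [
                MontFp!("2001204777610833696708894912867952078278441409969503942666029068062015825245418932221343814564507832018947136279897"),
                MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559786"),
            ],
            [
                MontFp!("2465574469952643145729746234477924421882674096882370412379683948302410643217957469321380693187563210193334655335847"),
                MontFp!("2489152704958805531135773890840855334442445700083109664226974417610635874611932888877037573244368603578580414041799"),
            ],
            [
                MontFp!("408652350564110577322969651688855407657559708877495483663280689285273237419309108571745248532063147969920029280822"),
                MontFp!("1724486001880100049532256073750925567031848981057838120554348912902128069838138958515666882468688879658762982998568"),
            ],
            [
                MontFp!("1765091336843926043630366340550371749829789993174128990666219612137983469744999990928422749620039381212355138385554"),
                MontFp!("2480980614979128307054616596744604853000819434901463816868701456456203229459184563106027550124998454431518049919350"),
            ],
            [
                MontFp!("2950346306930083665848529180886105408422777543098716242160201581561457223880734312067977330112099260792507514986360"),
                MontFp!("2087374146453732791551455846913217956996861872358134514729576187731786238798141582308800938194775173567582922075705"),
            ],
            [
                MontFp!("3402125800877092047974772179557145155027105993715549752961881793057712744390710655211608258897689691916462045687307"),
                MontFp!("3403977659585714744033605508019495483596883599235937591469491142673507602627003480280825557962552759214007258462562"),
            ],
            [
                MontFp!("3595429903081617974839182398366971282489553094052996224478569522592700873909643276467558825831974433870937620786666"),
                MontFp!("2977853375622078966481740257910454397845244197779424503641005093520724697563286535134594629934135273187959765909140"),
            ],
        ];

        // `zip` stops at the shorter side, so a vector dropped from either table would
        // otherwise go unnoticed and quietly reduce the coverage of this test.
        assert_eq!(
            input.len(),
            output.len(),
            "input and expected-output tables must have the same number of vectors"
        );

        for state in input.iter_mut() {
            AnemoiBls12_381_2_1::sbox_layer(state);
        }

        for (idx, (got, expected)) in input.iter().zip(output.iter()).enumerate() {
            // Report which vector failed so a mismatch can be traced back to the reference data.
            assert_eq!(got, expected, "S-box layer mismatch for test vector {}", idx);
        }
    }
}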