anemoi/ed_on_bls12_377/anemoi_2_1/
mod.rs

1//! Implementation of the Anemoi permutation
2
3use super::{sbox, Felt, MontFp};
4use crate::{Anemoi, Jive, Sponge};
5use ark_ff::{One, Zero};
6/// Digest for Anemoi
7mod digest;
8/// Sponge for Anemoi
9mod hasher;
10/// Round constants for Anemoi
11mod round_constants;
12
13pub use digest::AnemoiDigest;
14
15// ANEMOI CONSTANTS
16// ================================================================================================
17
18/// Function state is set to 2 field elements or 64 bytes.
19/// 1 element of the state is reserved for capacity.
20pub const STATE_WIDTH: usize = 2;
21/// 1 element of the state is reserved for rate.
22pub const RATE_WIDTH: usize = 1;
23
24/// The state is divided into two even-length rows.
25pub const NUM_COLUMNS: usize = 1;
26
27/// One element (32-bytes) is returned as digest.
28pub const DIGEST_SIZE: usize = RATE_WIDTH;
29
30/// The number of rounds is set to 19 to provide 128-bit security level.
31pub const NUM_HASH_ROUNDS: usize = 19;
32
33// ANEMOI INSTANTIATION
34// ================================================================================================
35
36/// An Anemoi instantiation over BLS_12_377 scalarfield with 1 column and rate 1.
37#[derive(Debug, Clone)]
38pub struct AnemoiEdOnBls12_377_2_1;
39
40impl<'a> Anemoi<'a, Felt> for AnemoiEdOnBls12_377_2_1 {
41    const NUM_COLUMNS: usize = NUM_COLUMNS;
42    const NUM_ROUNDS: usize = NUM_HASH_ROUNDS;
43
44    const WIDTH: usize = STATE_WIDTH;
45    const RATE: usize = RATE_WIDTH;
46    const OUTPUT_SIZE: usize = DIGEST_SIZE;
47
48    const ARK_C: &'a [Felt] = &round_constants::C;
49    const ARK_D: &'a [Felt] = &round_constants::D;
50
51    const GROUP_GENERATOR: u32 = sbox::BETA;
52
53    const ALPHA: u32 = sbox::ALPHA;
54    const INV_ALPHA: Felt = sbox::INV_ALPHA;
55    const BETA: u32 = sbox::BETA;
56    const DELTA: Felt = sbox::DELTA;
57
58    fn exp_by_inv_alpha(x: Felt) -> Felt {
59        sbox::exp_by_inv_alpha(&x)
60    }
61}
62
63#[cfg(test)]
64mod tests {
65    use super::*;
66
67    #[test]
68    fn test_sbox() {
69        // Generated from https://github.com/anemoi-hash/anemoi-hash/
70        let mut input = [
71            [Felt::zero(), Felt::zero()],
72            [Felt::one(), Felt::one()],
73            [Felt::zero(), Felt::one()],
74            [Felt::one(), Felt::zero()],
75            [
76                MontFp!(
77                    "1702453687599237255979790395649661561097021816012655343362862401487976990635"
78                ),
79                MontFp!(
80                    "55182996011466939256354811689314399677205058012274460919631500147033422257"
81                ),
82            ],
83            [
84                MontFp!(
85                    "1632494083105067989108986168333267989585126749626213300549214124432057272046"
86                ),
87                MontFp!(
88                    "3235496430022085959711123699858140529588122538980640806799684802463067259514"
89                ),
90            ],
91            [
92                MontFp!(
93                    "2949107286382242589408502806237544591060658194210167305879560683706384630054"
94                ),
95                MontFp!(
96                    "5737317058995992721813276965883365157482803873025273531093951180764314104104"
97                ),
98            ],
99            [
100                MontFp!(
101                    "3847486564537860245300248276730767485325621899141671582468959814421470544337"
102                ),
103                MontFp!(
104                    "973237804068485700945652982695350747348341011305922079929829613120301223311"
105                ),
106            ],
107            [
108                MontFp!(
109                    "4423853261878949329714672248313364658249442583402321938245105532670762310457"
110                ),
111                MontFp!(
112                    "6318194943468624511407133555855689372627131855220925784755298465943973848075"
113                ),
114            ],
115            [
116                MontFp!(
117                    "4016933957638346207048092395830140608782114470984531468566517135441433765388"
118                ),
119                MontFp!(
120                    "6580290746099031704776305709158249319498017489547605549857374926087757457095"
121                ),
122            ],
123        ];
124
125        let output = [
126            [
127                MontFp!(
128                    "1151517511285686876033930673470210890642168091157372340172986380352373987142"
129                ),
130                Felt::zero(),
131            ],
132            [
133                MontFp!(
134                    "6365899358248349268142114350217140688230280935934585545650923395666961413055"
135                ),
136                MontFp!(
137                    "6687234439711495246728724424832755914754252582501095871411974444826560185425"
138                ),
139            ],
140            [
141                MontFp!(
142                    "1259102676294307221997675460062050531223883403969519571426325121918383273022"
143                ),
144                MontFp!(
145                    "7394748313577717922329439561482524665112163885958294194408694881596009888759"
146                ),
147            ],
148            [
149                MontFp!(
150                    "1151517511285686876033930673470210890642168091157372340172986380352373987165"
151                ),
152                MontFp!(
153                    "8444461749428370424248824938781546531375899335154063827935233455917409239040"
154                ),
155            ],
156            [
157                MontFp!(
158                    "535529169994471980895146329785844261993421713552949774502675597694055133100"
159                ),
160                MontFp!(
161                    "6852110193643998530572290501436322032364131063709360756262737129386670745800"
162                ),
163            ],
164            [
165                MontFp!(
166                    "6404503483962152111999193593477106169718903963947857677408991893720452801303"
167                ),
168                MontFp!(
169                    "3545638184610686040724127622788202781708854453867541694780205848502020435521"
170                ),
171            ],
172            [
173                MontFp!(
174                    "4993699593849262606727899948154774092954206406493293170903337588327603405059"
175                ),
176                MontFp!(
177                    "538424993017044564736852938526516857998028484060590180933928732894064637201"
178                ),
179            ],
180            [
181                MontFp!(
182                    "373173095181179190656605172080887661927786715414912434674879791384681579881"
183                ),
184                MontFp!(
185                    "2638495719239556240909523895823467781619734744768035188467450069547637095177"
186                ),
187            ],
188            [
189                MontFp!(
190                    "4536971513421002575004449422638957461701416375809831818917785571183330345849"
191                ),
192                MontFp!(
193                    "1568913694550148515182306533723005891668126117649843193805645866218823885313"
194                ),
195            ],
196            [
197                MontFp!(
198                    "5701434605102992787563486029841924857055025452256972247896818057472115916834"
199                ),
200                MontFp!(
201                    "1818001660213901240413679847325689397505131467152159675046705165477840388615"
202                ),
203            ],
204        ];
205
206        for i in input.iter_mut() {
207            AnemoiEdOnBls12_377_2_1::sbox_layer(i);
208        }
209
210        for (&i, o) in input.iter().zip(output) {
211            assert_eq!(i, o);
212        }
213    }
214}
anemoi/ed_on_bls12_377/anemoi_2_1/mod.rs

anemoi/ed_on_bls12_377/anemoi_2_1/
mod.rs
