anemoi/pallas/anemoi_2_1/
mod.rs

1//! Implementation of the Anemoi permutation
2
3use super::{sbox, Felt, MontFp};
4use crate::{Anemoi, Jive, Sponge};
5use ark_ff::{One, Zero};
6/// Digest for Anemoi
7mod digest;
8/// Sponge for Anemoi
9mod hasher;
10/// Round constants for Anemoi
11mod round_constants;
12
13pub use digest::AnemoiDigest;
14
15// ANEMOI CONSTANTS
16// ================================================================================================
17
18/// Function state is set to 2 field elements or 64 bytes.
19/// 1 element of the state is reserved for capacity.
20pub const STATE_WIDTH: usize = 2;
21/// 1 element of the state is reserved for rate.
22pub const RATE_WIDTH: usize = 1;
23
24/// The state is divided into two even-length rows.
25pub const NUM_COLUMNS: usize = 1;
26
27/// One element (32-bytes) is returned as digest.
28pub const DIGEST_SIZE: usize = RATE_WIDTH;
29
30/// The number of rounds is set to 21 to provide 128-bit security level.
31pub const NUM_HASH_ROUNDS: usize = 21;
32
33// ANEMOI INSTANTIATION
34// ================================================================================================
35
36/// An Anemoi instantiation over Pallas basefield with 1 column and rate 1.
37#[derive(Debug, Clone)]
38pub struct AnemoiPallas_2_1;
39
40impl<'a> Anemoi<'a, Felt> for AnemoiPallas_2_1 {
41    const NUM_COLUMNS: usize = NUM_COLUMNS;
42    const NUM_ROUNDS: usize = NUM_HASH_ROUNDS;
43
44    const WIDTH: usize = STATE_WIDTH;
45    const RATE: usize = RATE_WIDTH;
46    const OUTPUT_SIZE: usize = DIGEST_SIZE;
47
48    const ARK_C: &'a [Felt] = &round_constants::C;
49    const ARK_D: &'a [Felt] = &round_constants::D;
50
51    const GROUP_GENERATOR: u32 = sbox::BETA;
52
53    const ALPHA: u32 = sbox::ALPHA;
54    const INV_ALPHA: Felt = sbox::INV_ALPHA;
55    const BETA: u32 = sbox::BETA;
56    const DELTA: Felt = sbox::DELTA;
57
58    fn exp_by_inv_alpha(x: Felt) -> Felt {
59        sbox::exp_by_inv_alpha(&x)
60    }
61}
62
63#[cfg(test)]
64mod tests {
65    use super::*;
66
67    #[test]
68    fn test_sbox() {
69        // Generated from https://github.com/anemoi-hash/anemoi-hash/
70        let mut input = [
71            [Felt::zero(), Felt::zero()],
72            [Felt::one(), Felt::one()],
73            [Felt::zero(), Felt::one()],
74            [Felt::one(), Felt::zero()],
75            [
76                MontFp!(
77                    "14427893260455109705156664042356718870640358762168844127801340015397735141384"
78                ),
79                MontFp!(
80                    "13138696979498515255251127567565619801757554887203558360380530676670571486013"
81                ),
82            ],
83            [
84                MontFp!(
85                    "5982785702201799305786867067988158272995997210813762482456562383325396457307"
86                ),
87                MontFp!(
88                    "11157578518762194736934882103054173468937876478529400613348074898361123904134"
89                ),
90            ],
91            [
92                MontFp!(
93                    "28438295326901256591313961101106709090488938900652514646147770410889552753021"
94                ),
95                MontFp!(
96                    "21984098443870633452751627308924492469490828327318452161617021106419179787063"
97                ),
98            ],
99            [
100                MontFp!(
101                    "1478473684176282421545569025094169832604223179056238532794256740200864105805"
102                ),
103                MontFp!(
104                    "10434311809031514623895595215935435926737673069788553325979295545028061815206"
105                ),
106            ],
107            [
108                MontFp!(
109                    "14781888674079440730534661652152630801376143896208339356492088260293981316061"
110                ),
111                MontFp!(
112                    "5946100447321140538927082795254280680319672054848714933905562692357791209656"
113                ),
114            ],
115            [
116                MontFp!(
117                    "21890634181453312985299942362110105598465044840040594871483168981564503243109"
118                ),
119                MontFp!(
120                    "13399999702513795139595738682345741616628808395869269194943347354713043743547"
121                ),
122            ],
123        ];
124
125        let output = [
126            [
127                MontFp!(
128                    "11579208923731619542357098500868790785345222592776624286381870705739987052135"
129                ),
130                Felt::zero(),
131            ],
132            [
133                MontFp!(
134                    "21735578927475698800610569875486878598709331368954848907691439386750294515554"
135                ),
136                MontFp!(
137                    "14915059756306458668798776150463074115887270782104658469523764643553127876149"
138                ),
139            ],
140            [
141                MontFp!(
142                    "8778638346924233418081111828888910239654127576710317834940372077697612057229"
143                ),
144                MontFp!(
145                    "22051619713425230766531768624512758113922728761788164591626179149121958488460"
146                ),
147            ],
148            [
149                MontFp!(
150                    "11579208923731619542357098500868790785345222592776624286381870705739987052141"
151                ),
152                MontFp!(
153                    "28948022309329048855892746252171976963363056481941560715954676764349967630336"
154                ),
155            ],
156            [
157                MontFp!(
158                    "15057666972438544655529092362515483735243961223136603604240845793436024282167"
159                ),
160                MontFp!(
161                    "18426015703030010997579367729105852162907463595338775756615551204155238010747"
162                ),
163            ],
164            [
165                MontFp!(
166                    "12784112979346968338857027566852413713742326351825438806654554069180360520239"
167                ),
168                MontFp!(
169                    "19489047326280876009902092412625999917701345308237436085355219040385444324475"
170                ),
171            ],
172            [
173                MontFp!(
174                    "1074062906705051625340891993854330434113074614285707814128597733756511897673"
175                ),
176                MontFp!(
177                    "26232282506455021707774466392106533529531735952259475413117013981021691187782"
178                ),
179            ],
180            [
181                MontFp!(
182                    "28595818858315685708975605358852866393238263106947165825818134308983563312207"
183                ),
184                MontFp!(
185                    "14642156524169052991136322603510653318103271560700097395676529642867165495210"
186                ),
187            ],
188            [
189                MontFp!(
190                    "11754355108941335665457273660950498145132042536979472128903765695489200586844"
191                ),
192                MontFp!(
193                    "15784254972170032700858756124355809739660845922750435361027936389430659344563"
194                ),
195            ],
196            [
197                MontFp!(
198                    "15232629547649820334265900608014588244555627611748155043487778827952582329153"
199                ),
200                MontFp!(
201                    "15198336594802842939444122386359795234810128717205332049155326138169684053519"
202                ),
203            ],
204        ];
205
206        for i in input.iter_mut() {
207            AnemoiPallas_2_1::sbox_layer(i);
208        }
209
210        for (&i, o) in input.iter().zip(output) {
211            assert_eq!(i, o);
212        }
213    }
214}
anemoi/pallas/anemoi_2_1/mod.rs

anemoi/pallas/anemoi_2_1/
mod.rs
