tlsnotary · themighty1 · Oct 10, 2024 · Oct 24, 2024
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,6 +10,7 @@ members = [
     "crates/components/block-cipher",
     "crates/components/hmac-sha256",
     "crates/components/hmac-sha256-circuits",
+    "crates/components/poseidon-halo2",
     "crates/components/key-exchange",
     "crates/components/stream-cipher",
     "crates/components/universal-hash",
@@ -43,6 +44,7 @@ opt-level = 1
 [workspace.dependencies]
 notary-client = { path = "crates/notary/client" }
 notary-server = { path = "crates/notary/server" }
+poseidon-halo2 = { path = "crates/components/poseidon-halo2" }
 tls-server-fixture = { path = "crates/tls/server-fixture" }
 tlsn-aead = { path = "crates/components/aead" }
 tlsn-benches-browser-core = { path = "crates/benches/browser/core" }

diff --git a/crates/components/poseidon-halo2/Cargo.toml b/crates/components/poseidon-halo2/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "poseidon-halo2"
+authors = ["TLSNotary Team"]
+description = "An experimental implementation of Poseidon based on PSE's poseidon-gadget"
+categories = ["cryptography"]
+license = "MIT OR Apache-2.0"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+name = "poseidon_halo2"
+
+[dependencies]
+ff = "0.13"
+group = "0.13"
+halo2_poseidon = { git = "https://github.com/privacy-scaling-explorations/poseidon-gadget", rev="764a682"}
+halo2_proofs = { git = "https://github.com/privacy-scaling-explorations/halo2", tag = "v0.3.0", default-features = false}
diff --git a/crates/components/poseidon-halo2/src/lib.rs b/crates/components/poseidon-halo2/src/lib.rs
@@ -0,0 +1,32 @@
+//! An experimental Poseidon hash implementation over the BN256 curve with custom parameters.
+//!
+//! This crate is only meant to be used for experimental purposes. The parameters were not checked
+//! to be secure.
+
+mod rate15_params;
+mod rate1_params;
+mod rate2_params;
+mod spec;
+
+use halo2_poseidon::poseidon::primitives::{ConstantLength, Hash};
+use halo2_proofs::halo2curves::bn256;
+
+pub use halo2_proofs::halo2curves::bn256::Fr as F;
+pub use spec::{Spec1, Spec15, Spec2};
+
+/// Hashes the provided input field elements and returns the digest.
+///
+/// # Panics
+///
+/// Panics if the provided input's length is not 15, 2, or 1 field elements.
+pub fn hash(input: &[bn256::Fr]) -> bn256::Fr {
+    match input.len() {
+        15 => Hash::<bn256::Fr, spec::Spec15, ConstantLength<15>, 16, 15>::init()
+            .hash(input.try_into().unwrap()),
+        2 => Hash::<bn256::Fr, spec::Spec2, ConstantLength<2>, 3, 2>::init()
+            .hash(input.try_into().unwrap()),
+        1 => Hash::<bn256::Fr, spec::Spec1, ConstantLength<1>, 2, 1>::init()
+            .hash(input.try_into().unwrap()),
+        _ => unimplemented!(),
+    }
+}