Skip to content
This repository has been archived by the owner on Jun 28, 2022. It is now read-only.

Questions about PRIME_BITLEN and round number #4

Closed
XuyangSong opened this issue May 30, 2022 · 4 comments
Closed

Questions about PRIME_BITLEN and round number #4

XuyangSong opened this issue May 30, 2022 · 4 comments

Comments

@XuyangSong
Copy link

XuyangSong commented May 30, 2022
edited
Loading

Plonk-Prototype/src/poseidon/round_numbers.rs

Line 7 in bae3f95

const PRIME_BITLEN: usize = 256;

Can we always use PRIME_BITLEN=256 to compute round number for different fields?

Another question about round number
Does the round number generated in the repo(rust) still have the same result with reference from the python script here?
I don't know why I could not get the same result.

Btw, for generate_parameters_grain_deterministic.sage and poseidonperm_bls381_width3.sage, I can get the same result with rust code even for different fields.
@BoyuanFeng
Copy link

  1. "Can we always use PRIME_BITLEN=256 to compute round numbers for different fields?"

No, you cannot. As specified in the comments (see below), PRIME_BITLEN=256 is "the number of bits of the Poseidon prime field modulus."

Plonk-Prototype/src/poseidon/round_numbers.rs

Lines 3 to 6 in bae3f95

// The number of bits of the Poseidon prime field modulus. Denoted `n` in the Poseidon paper
// (where `n = ceil(log2(p))`). Note that BLS12-381's scalar field modulus is 255 bits, however we
// use 256 bits for simplicity when operating on bytes as the single bit difference does not affect
// the round number security properties.

  1. "Does the round number generated in the repo(rust) still have the same result with reference from the python script here?"

Yes. For example, if you run "python2 calc_round_numbers.py 762 3 128 1 1", you will have (R_F, R_P) = (8, 55). This matches hardcoded tests:

Plonk-Prototype/src/poseidon/round_numbers.rs

Line 101 in bae3f95

(3, 55),

@XuyangSong
Copy link
Author

XuyangSong commented May 31, 2022
edited
Loading

Thanks for your reply.

  1. So we'd better not hardcode the PRIME_BITLEN , and use Fr: : size_in_bits() instead or take another parameter?
  2. Oh, I used the wrong sbox_case parameter.

@BoyuanFeng
Copy link

So we'd better not hardcode the PRIME_BITLEN , and use Fr: : size_in_bits() instead or take another parameter?

It is indeed more complex than that. The properties used to compute round numbers also change from the current implementation. You may also need to update alpha. Please check the paper for properly selecting round numbers for other curves.

@XuyangSong
Copy link
Author

ty, I'll check it.

@XuyangSong XuyangSong mentioned this issue May 31, 2022
Merged
7 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@XuyangSong @BoyuanFeng