Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/verumlotus/zk-hashes
Calculate the hash of any input for ZK-Friendly hashes (MiMC & Poseidon) over a variety of Elliptic Curves.
- Host: GitHub
- URL: https://github.com/verumlotus/zk-hashes
- Owner: verumlotus
- License: mit
- Created: 2023-02-02T20:46:28.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-07T21:22:11.000Z (almost 2 years ago)
- Last Synced: 2024-12-21T12:34:59.489Z (19 days ago)
- Topics: babyjubjub, bn254, circom, hash, mimc, pallas, pasta-curves, vesta, zero-knowledge, zksnark
- Language: TypeScript
- Homepage: https://zk-hashes.vercel.app
- Size: 951 KB
- Stars: 6
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# ZK-Hashes
Calculate the hash of any input for ZK-Friendly hashes (MiMC & Poseidon) over a variety of Elliptic Curves (BN-128 (Babyjubjub prime), Vesta, & Pallas). Website [here](https://zk-hashes.vercel.app/).
## Background
Certain operations over a finite field within a ZK-SNARK are much cheaper than others. Notably, addition & multiplication are cheap relative to other operations. Traditional hashes such as [SHA-256](https://en.wikipedia.org/wiki/SHA-2) rely on operations other than addition & multiplication, which makes them expensive to use within a SNARK. A series of "ZK-Friendly" hashes (including [MiMC](https://eprint.iacr.org/2016/492) and [Poseidon](https://www.poseidon-hash.info/)) using only the addition & multiplication operations have been created to allow us to use secure hash functions within circuits while keeping circuit sizes reasonable.
Due to the novelty of these hash functions, there are no readily available web applications that allow you to evaluate the MiMC and Poseidon hash functions on some input over an elliptic curve. This web app utility allows for the computation of MiMC over the [BN-128 Curve](https://hackmd.io/@jpw/bn254) (with the [Babyjubjub](https://iden3-docs.readthedocs.io/en/latest/iden3_repos/research/publications/zkproof-standards-workshop-2/baby-jubjub/baby-jubjub.html) prime), and the [pasta-curves Vesta & Pallas](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/). The Poseidon hash function can also be computed over the BN-128 curve. This utility accepts numbers, vectors, and matrices. It works on matrices up to 50 dimensions and traverses them in row-major order when generating the hash.
The original motivation for this website was to serve as a utility while developing [Circom](https://docs.circom.io/) Circuits. The generated hash values are meant to align with values generated by the hash functions in [Circomlib](https://github.com/iden3/circomlib).
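To make the Background concrete, here is an added example (not code from this repository, DarkForest, or Circomlib) of a MiMC-style hash built only from field additions and multiplications, with row-major traversal and reduction of negative inputs. It assumes a Feistel sponge with exponent 5 over the BN254 scalar field and uses constructed placeholder round constants, so its outputs will not match Circomlib; the names `mimcSponge`, `feistel`, `flatten` and `toField` are hypothetical.

```javascript
// BN254 scalar field prime, the field Baby Jubjub is defined over.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const ROUNDS = 220; // round count taken from the page's stated limit

// Constructed placeholder round constants (NOT Circomlib's): outputs will not match it.
const C = [0n];
for (let i = 1; i < ROUNDS; i++) C.push((C[i - 1] * C[i - 1] + BigInt(i) * 7919n + 1n) % P);

// Reduce any integer (negative, or >= P) to its canonical field element.
const toField = (x) => ((BigInt(x) % P) + P) % P;

// Flatten a number, vector, or nested matrix in row-major order.
const flatten = (v) => (Array.isArray(v) ? v.flatMap(flatten) : [toField(v)]);

// Keyed Feistel permutation; every round uses only field additions and multiplications.
function feistel(xL, xR, k) {
  for (let i = 0; i < ROUNDS; i++) {
    const t = (xL + k + C[i]) % P;
    const t2 = (t * t) % P;
    const t5 = (((t2 * t2) % P) * t) % P; // t^5: three multiplications
    const mixed = (xR + t5) % P;
    if (i < ROUNDS - 1) [xL, xR] = [mixed, xL]; // swap halves
    else xR = mixed; // no swap after the final round
  }
  return [xL, xR];
}

// Sponge: add each element into the left half, then permute; output the left half.
function mimcSponge(input, key = 0) {
  const k = toField(key);
  let l = 0n, r = 0n;
  for (const x of flatten(input)) [l, r] = feistel((l + x) % P, r, k);
  return l;
}
```

Because inputs are reduced modulo the field prime before hashing, `-1` and `P - 1` are the same input, which matters when comparing against values produced inside a circuit.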
![demo](https://user-images.githubusercontent.com/97858468/217368404-62ddd5b8-31ce-4893-9c20-321020568515.gif)
## Improvements
This can be extended to support many more elliptic curves & hash functions. Currently, MiMC only allows for iterations up to 220, and this restriction is due to the fact that we only generated constants for 220 rounds. More constants can be generated to allow for more iterations. Poseidon currently only works over BN-128; the appropriate constants can be generated to use Poseidon over any other elliptic curve.
## Credits
The MiMC implementation was modified from the [DarkForest](https://zkga.me/) team's [implementation](https://github.com/darkforest-eth/packages). The Poseidon implementation is modified from [Iden3's](https://iden3.io/) [implementation](https://github.com/iden3/circomlibjs).
## Disclaimer
While the outputs of these hash functions have been verified against a series of Circom Circuit outputs (including negative numbers, overflows, & multi-dimensional matrices), there is a possibility of a bug.