[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2023/522

SAFE: Sponge API for Field Elements

JP Aumasson, Taurus and Inference
Dmitry Khovratovich, Ethereum Foundation and Dusk Network
Bart Mennink, Radboud University Nijmegen
Porçu Quine, Lurk Lab and Protocol Labs
Abstract

From hashing and commitment schemes to Fiat-Shamir and encryption, hash functions are everywhere in zero-knowledge proofsystems (ZKPs), and minor performance changes in ``vanilla'' implementations can translate in major discrepancies when the hash is processed as a circuit within the proofsystem. Protocol designers have resorted to a number of techniques and custom modes to optimize hash functions for ZKPs settings, but so far without a single established, well-studied construction. To address this need, we define the Sponge API for Field Elements (SAFE), a unified framework for permutation-based schemes (including AEAD, Sigma, PRNGs, and so on). SAFE eliminates the performance overhead, is pluggable in any field-oriented protocol, and is suitable for any permutation algorithm. SAFE is implemented in Filecoin's Neptune hash framework, {which is} our reference implementation (in Rust). SAFE is also being integrated in other prominent ZKP projects. This report specifies SAFE and describes some use cases. Among other improvements, our construction is among the first to store the protocol metadata in the sponge inner part in a provably secure way, which may be of independent interest to the sponge use cases outside of ZKP.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
hashingfiat-shamirsponges
Contact author(s)
jp @ taurusgroup ch
khovratovich @ gmail com
b mennink @ cs ru nl
porcuquine @ gmail com
History
2023-04-12: approved
2023-04-11: received
See all versions
Short URL
https://ia.cr/2023/522
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/522,
      author = {JP Aumasson and Dmitry Khovratovich and Bart Mennink and Porçu Quine},
      title = {{SAFE}: Sponge {API} for Field Elements},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/522},
      year = {2023},
      url = {https://eprint.iacr.org/2023/522}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.