hash

package

v0.14.0 Latest Latest Go to latest Published: Sep 3, 2024 License: Apache-2.0 Imports: 10 Imported by: 49

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/consensys/gnark-crypto

Links

Open Source Insights

Documentation ¶

Overview ¶

Package hash provides MiMC hash function defined over implemented curves

Length extension attack ¶

The MiMC hash function is vulnerable to a length extension attack. For example when we have a hash

h = MiMC(k || m)

and we want to hash a new message

m' = m || m2,

we can compute

h' = MiMC(k || m || m2)

without knowing k by computing

h' = MiMC(h || m2).

This is because the MiMC hash function is a simple iterated cipher, and the hash value is the state of the cipher after encrypting the message.

There are several ways to mitigate this attack:

use a random key for each hash
use a domain separation tag for different use cases: h = MiMC(k || tag || m)
use the secret input as last input: h = MiMC(m || k)

In general, inside a circuit the length-extension attack is not a concern as due to the circuit definition the attacker can not append messages to existing hash. But the user has to consider the cases when using a secret key and MiMC in different contexts.

Hash input format ¶

The MiMC hash function is defined over a field. The input to the hash function is a byte slice. The byte slice is interpreted as a sequence of field elements. Due to this interpretation, the input byte slice length must be multiple of the field modulus size. And every secuence of byte slice for a single field element must be strictly less than the field modulus.

See open issues:

Index ¶

type Hash

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Hash ¶

type Hash uint

Hash defines an unique identifier for a hash function.

const (
	// MIMC_BN254 is the MiMC hash function for the BN254 curve.
	MIMC_BN254 Hash = iota
	// MIMC_BLS12_381 is the MiMC hash function for the BLS12-381 curve.
	MIMC_BLS12_381
	// MIMC_BLS12_377 is the MiMC hash function for the BLS12-377 curve.
	MIMC_BLS12_377
	// MIMC_BLS12_378 is the MiMC hash function for the BLS12-378 curve.
	MIMC_BLS12_378
	// MIMC_BW6_761 is the MiMC hash function for the BW6-761 curve.
	MIMC_BW6_761
	// MIMC_BLS24_315 is the MiMC hash function for the BLS24-315 curve.
	MIMC_BLS24_315
	// MIMC_BLS24_317 is the MiMC hash function for the BLS24-317 curve.
	MIMC_BLS24_317
	// MIMC_BW6_633 is the MiMC hash function for the BW6-633 curve.
	MIMC_BW6_633
	// MIMC_BW6_756 is the MiMC hash function for the BW6-756 curve.
	MIMC_BW6_756
)

func (Hash) New ¶

func (m Hash) New() hash.Hash

New initializes the hash function.

func (Hash) Size ¶

func (m Hash) Size() int

Size returns the size of the digest of the corresponding hash function

func (Hash) String ¶

func (m Hash) String() string

String returns the unique identifier of the hash function.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL