Poseidon2 Custom Matrix (not MDS) (Plonky3#175)

* Poseidon2 custom matrix (instead of MDS permutation)

* fmt

* fix

* fix

* fix

* documentation

* poseidon2 tests

* cleanup

* documentation and fix

* cleanup

* cleanup

* more tests

* beggining -> beginning

* fix comments

* github issues ?

* resolve issues

* resolve issues

* github ci is making fun of me

* changes

* revert params

* revert params

* change ark-ff dependency to [dev-dependency]

* Remove the PhantomData and Sync bounds

* clippy

* zkhash to dev-dependencies

* Poseidon2MEMatrix tweaks

* import

---------

Co-authored-by: jorgeantonio21 <[email protected]>
Co-authored-by: Daniel Lubarov <[email protected]>

fri/tests/fri.rs

@@ -9,7 +9,6 @@ use p3_fri::{prover, verifier, FriConfig};
 use p3_matrix::dense::RowMajorMatrix;
 use p3_matrix::util::reverse_matrix_index_bits;
 use p3_matrix::{Matrix, MatrixRows};
-use p3_mds::coset_mds::CosetMds;
 use p3_merkle_tree::FieldMerkleTreeMmcs;
 use p3_poseidon2::{DiffusionMatrixBabybear, Poseidon2};
 use p3_symmetric::{PaddingFreeSponge, TruncatedPermutation};
@@ -20,8 +19,7 @@ use rand_chacha::ChaCha20Rng;
 type Val = BabyBear;
 type Challenge = BinomialExtensionField<Val, 4>;
 
-type MyMds = CosetMds<Val, 16>;
-type Perm = Poseidon2<Val, MyMds, DiffusionMatrixBabybear, 16, 7>;
+type Perm = Poseidon2<Val, DiffusionMatrixBabybear, 16, 7>;
 type MyHash = PaddingFreeSponge<Perm, 16, 8, 8>;
 type MyCompress = TruncatedPermutation<Perm, 2, 8, 16>;
 type ValMmcs = FieldMerkleTreeMmcs<<Val as Field>::Packing, MyHash, MyCompress, 8>;
@@ -30,8 +28,7 @@ type Challenger = DuplexChallenger<Val, Perm, 16>;
 type MyFriConfig = FriConfig<ChallengeMmcs>;
 
 fn get_ldt_for_testing<R: Rng>(rng: &mut R) -> (Perm, MyFriConfig) {
-    let mds = MyMds::default();
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, rng);
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, rng);
     let hash = MyHash::new(perm.clone());
     let compress = MyCompress::new(perm.clone());
     let mmcs = ChallengeMmcs::new(ValMmcs::new(hash, compress));

fri/tests/pcs.rs

@@ -7,7 +7,6 @@ use p3_field::Field;
 use p3_fri::{FriConfig, TwoAdicFriPcs, TwoAdicFriPcsConfig};
 use p3_matrix::dense::RowMajorMatrix;
 use p3_matrix::Matrix;
-use p3_mds::coset_mds::CosetMds;
 use p3_merkle_tree::FieldMerkleTreeMmcs;
 use p3_poseidon2::{DiffusionMatrixBabybear, Poseidon2};
 use p3_symmetric::{PaddingFreeSponge, TruncatedPermutation};
@@ -18,11 +17,8 @@ fn make_test_fri_pcs(log_degrees: &[usize]) {
     type Val = BabyBear;
     type Challenge = BinomialExtensionField<Val, 4>;
 
-    type MyMds = CosetMds<Val, 16>;
-    let mds = MyMds::default();
-
-    type Perm = Poseidon2<Val, MyMds, DiffusionMatrixBabybear, 16, 7>;
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+    type Perm = Poseidon2<Val, DiffusionMatrixBabybear, 16, 7>;
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
 
     type MyHash = PaddingFreeSponge<Perm, 16, 8, 8>;
     let hash = MyHash::new(perm.clone());

keccak-air/examples/prove_baby_bear_keccak.rs

@@ -7,7 +7,6 @@ use p3_field::Field;
 use p3_fri::{FriConfig, TwoAdicFriPcs, TwoAdicFriPcsConfig};
 use p3_keccak::Keccak256Hash;
 use p3_keccak_air::{generate_trace_rows, KeccakAir};
-use p3_mds::coset_mds::CosetMds;
 use p3_merkle_tree::FieldMerkleTreeMmcs;
 use p3_poseidon2::{DiffusionMatrixBabybear, Poseidon2};
 use p3_symmetric::{CompressionFunctionFromHasher, SerializingHasher32};
@@ -36,11 +35,8 @@ fn main() -> Result<(), VerificationError> {
     type Challenge = BinomialExtensionField<Val, 4>;
     type PackedChallenge = BinomialExtensionField<<Domain as Field>::Packing, 4>;
 
-    type MyMds = CosetMds<Val, 16>;
-    let mds = MyMds::default();
-
-    type Perm = Poseidon2<Val, MyMds, DiffusionMatrixBabybear, 16, 7>;
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+    type Perm = Poseidon2<Val, DiffusionMatrixBabybear, 16, 7>;
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
 
     type MyHash = SerializingHasher32<Keccak256Hash>;
     let hash = MyHash::new(Keccak256Hash {});

keccak-air/examples/prove_baby_bear_poseidon2.rs

@@ -6,7 +6,6 @@ use p3_field::extension::BinomialExtensionField;
 use p3_field::Field;
 use p3_fri::{FriConfig, TwoAdicFriPcs, TwoAdicFriPcsConfig};
 use p3_keccak_air::{generate_trace_rows, KeccakAir};
-use p3_mds::coset_mds::CosetMds;
 use p3_merkle_tree::FieldMerkleTreeMmcs;
 use p3_poseidon2::{DiffusionMatrixBabybear, Poseidon2};
 use p3_symmetric::{PaddingFreeSponge, TruncatedPermutation};
@@ -35,11 +34,8 @@ fn main() -> Result<(), VerificationError> {
     type Challenge = BinomialExtensionField<Val, 4>;
     type PackedChallenge = BinomialExtensionField<<Domain as Field>::Packing, 4>;
 
-    type MyMds = CosetMds<Val, 16>;
-    let mds = MyMds::default();
-
-    type Perm = Poseidon2<Val, MyMds, DiffusionMatrixBabybear, 16, 7>;
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+    type Perm = Poseidon2<Val, DiffusionMatrixBabybear, 16, 7>;
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
 
     type MyHash = PaddingFreeSponge<Perm, 16, 8, 8>;
     let hash = MyHash::new(perm.clone());

keccak-air/examples/prove_goldilocks_keccak.rs

@@ -7,7 +7,6 @@ use p3_fri::{FriConfig, TwoAdicFriPcs, TwoAdicFriPcsConfig};
 use p3_goldilocks::Goldilocks;
 use p3_keccak::Keccak256Hash;
 use p3_keccak_air::{generate_trace_rows, KeccakAir};
-use p3_mds::coset_mds::CosetMds;
 use p3_merkle_tree::FieldMerkleTreeMmcs;
 use p3_poseidon2::{DiffusionMatrixGoldilocks, Poseidon2};
 use p3_symmetric::{CompressionFunctionFromHasher, SerializingHasher64};
@@ -36,11 +35,8 @@ fn main() -> Result<(), VerificationError> {
     type Challenge = BinomialExtensionField<Val, 2>;
     type PackedChallenge = BinomialExtensionField<<Domain as Field>::Packing, 2>;
 
-    type MyMds = CosetMds<Val, 8>;
-    let mds = MyMds::default();
-
-    type Perm = Poseidon2<Val, MyMds, DiffusionMatrixGoldilocks, 8, 7>;
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixGoldilocks, &mut thread_rng());
+    type Perm = Poseidon2<Val, DiffusionMatrixGoldilocks, 8, 7>;
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixGoldilocks, &mut thread_rng());
 
     type MyHash = SerializingHasher64<Keccak256Hash>;
     let hash = MyHash::new(Keccak256Hash {});

merkle-tree/benches/merkle_tree.rs

@@ -31,11 +31,8 @@ fn bench_merkle_trees(criterion: &mut Criterion) {
 fn bench_bb_poseidon2(criterion: &mut Criterion) {
     type F = BabyBear;
 
-    type Mds = IntegratedCosetMds<F, 16>;
-    let mds = Mds::default();
-
-    type Perm = Poseidon2<BabyBear, Mds, DiffusionMatrixBabybear, 16, 7>;
-    let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+    type Perm = Poseidon2<BabyBear, DiffusionMatrixBabybear, 16, 7>;
+    let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
 
     type H = PaddingFreeSponge<Perm, 16, 8, 8>;
     let h = H::new(perm.clone());

merkle-tree/src/mmcs.rs

@@ -182,7 +182,6 @@ mod tests {
     use p3_field::{AbstractField, Field};
     use p3_matrix::dense::RowMajorMatrix;
     use p3_matrix::{Dimensions, Matrix};
-    use p3_mds::coset_mds::CosetMds;
     use p3_poseidon2::{DiffusionMatrixBabybear, Poseidon2};
     use p3_symmetric::{
         CryptographicHasher, PaddingFreeSponge, PseudoCompressionFunction, TruncatedPermutation,
@@ -193,16 +192,14 @@ mod tests {
 
     type F = BabyBear;
 
-    type MyMds = CosetMds<F, 16>;
-    type Perm = Poseidon2<F, MyMds, DiffusionMatrixBabybear, 16, 5>;
+    type Perm = Poseidon2<F, DiffusionMatrixBabybear, 16, 7>;
     type MyHash = PaddingFreeSponge<Perm, 16, 8, 8>;
     type MyCompress = TruncatedPermutation<Perm, 2, 8, 16>;
     type MyMmcs = FieldMerkleTreeMmcs<<F as Field>::Packing, MyHash, MyCompress, 8>;
 
     #[test]
     fn commit_single_1x8() {
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash.clone(), compress.clone());
@@ -235,8 +232,7 @@ mod tests {
 
     #[test]
     fn commit_single_2x2() {
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash.clone(), compress.clone());
@@ -258,8 +254,7 @@ mod tests {
 
     #[test]
     fn commit_single_2x3() {
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash.clone(), compress.clone());
@@ -289,8 +284,7 @@ mod tests {
 
     #[test]
     fn commit_mixed() {
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut thread_rng());
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut thread_rng());
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash.clone(), compress.clone());
@@ -351,8 +345,7 @@ mod tests {
     #[test]
     fn commit_either_order() {
         let mut rng = thread_rng();
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash, compress);
@@ -369,8 +362,7 @@ mod tests {
     #[should_panic]
     fn mismatched_heights() {
         let mut rng = thread_rng();
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash, compress);
@@ -388,8 +380,7 @@ mod tests {
     #[test]
     fn verify_tampered_proof_fails() {
         let mut rng = thread_rng();
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash, compress);
@@ -424,8 +415,7 @@ mod tests {
     #[test]
     fn size_gaps() {
         let mut rng = thread_rng();
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash, compress);
@@ -476,8 +466,7 @@ mod tests {
     #[test]
     fn different_widths() {
         let mut rng = thread_rng();
-        let mds = MyMds::default();
-        let perm = Perm::new_from_rng(8, 22, mds, DiffusionMatrixBabybear, &mut rng);
+        let perm = Perm::new_from_rng(8, 22, DiffusionMatrixBabybear, &mut rng);
         let hash = MyHash::new(perm.clone());
         let compress = MyCompress::new(perm);
         let mmcs = MyMmcs::new(hash, compress);

poseidon2/Cargo.toml

@@ -14,6 +14,8 @@ p3-symmetric = { path = "../symmetric" }
 rand = "0.8.5"
 
 [dev-dependencies]
+ark-ff = { version = "^0.4.0", default-features = false }
+zkhash = { git = "https://github.com/HorizenLabs/poseidon2" }
 criterion = "0.5.1"
 
 [[bench]]

poseidon2/benches/poseidon2.rs

@@ -4,9 +4,6 @@ use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
 use p3_baby_bear::BabyBear;
 use p3_field::PrimeField64;
 use p3_goldilocks::Goldilocks;
-use p3_mds::babybear::MdsMatrixBabyBear;
-use p3_mds::goldilocks::MdsMatrixGoldilocks;
-use p3_mds::MdsPermutation;
 use p3_poseidon2::{
     DiffusionMatrixBabybear, DiffusionMatrixGoldilocks, DiffusionPermutation, Poseidon2,
 };
@@ -15,33 +12,30 @@ use rand::distributions::{Distribution, Standard};
 use rand::thread_rng;
 
 fn bench_poseidon2(c: &mut Criterion) {
-    poseidon2::<BabyBear, MdsMatrixBabyBear, DiffusionMatrixBabybear, 16, 7>(c);
-    poseidon2::<BabyBear, MdsMatrixBabyBear, DiffusionMatrixBabybear, 24, 7>(c);
+    poseidon2::<BabyBear, DiffusionMatrixBabybear, 16, 7>(c);
+    poseidon2::<BabyBear, DiffusionMatrixBabybear, 24, 7>(c);
 
-    poseidon2::<Goldilocks, MdsMatrixGoldilocks, DiffusionMatrixGoldilocks, 8, 7>(c);
-    poseidon2::<Goldilocks, MdsMatrixGoldilocks, DiffusionMatrixGoldilocks, 12, 7>(c);
-    poseidon2::<Goldilocks, MdsMatrixGoldilocks, DiffusionMatrixGoldilocks, 16, 7>(c);
+    poseidon2::<Goldilocks, DiffusionMatrixGoldilocks, 8, 7>(c);
+    poseidon2::<Goldilocks, DiffusionMatrixGoldilocks, 12, 7>(c);
+    poseidon2::<Goldilocks, DiffusionMatrixGoldilocks, 16, 7>(c);
 }
 
-fn poseidon2<F, Mds, Diffusion, const WIDTH: usize, const D: u64>(c: &mut Criterion)
+fn poseidon2<F, Diffusion, const WIDTH: usize, const D: u64>(c: &mut Criterion)
 where
     F: PrimeField64,
     Standard: Distribution<F>,
-    Mds: MdsPermutation<F, WIDTH> + Default,
     Diffusion: DiffusionPermutation<F, WIDTH> + Default,
 {
     let mut rng = thread_rng();
-    let external_mds = Mds::default();
     let internal_mds = Diffusion::default();
 
     // TODO: Should be calculated for the particular field, width and ALPHA.
     let rounds_f = 8;
     let rounds_p = 22;
 
-    let poseidon = Poseidon2::<F, Mds, Diffusion, WIDTH, D>::new_from_rng(
+    let poseidon = Poseidon2::<F, Diffusion, WIDTH, D>::new_from_rng(
         rounds_f,
         rounds_p,
-        external_mds,
         internal_mds,
         &mut rng,
     );