
IVLS uses Poseidon with hardcoded parameters that do not guarantee to be secure #1

Open
weikengchen opened this issue Nov 22, 2020 · 2 comments
Labels
T-bug Type: bug

Comments

@weikengchen (Member) opened the issue Nov 22, 2020:

This is the same as arkworks-rs/pcd#1.

IVLS has two instantiations of Merkle trees, one via Poseidon, one via the Bowe-Hopwood variant of Pedersen. The problem with Poseidon, as the post above mentions, is that the parameters are hardcoded regardless of the curve and field. In some situations, such parameters could be completely insecure.

This therefore means that the current repo is for benchmarking purposes only, and will wait for an upstream end-to-end implementation of a nice Poseidon sponge.

@drewstone (Contributor) commented Feb 10, 2021:

How do the parameters differ when using the sponge construction? Do the MDS matrix and round constants change with sponges?

Otherwise, why not just generate a bunch of parameters using https://extgit.iaik.tugraz.at/krypto/hadeshash/-/tree/master/code and add them to another repo? Are these parameters compatible here for an arbitrary curve?

@weikengchen (Member, Author) replied:

First let me link it to the main issue: arkworks-rs/crypto-primitives#95

Basically, the constants will change depending on the curve or the application. And, as you mention, we could either pre-generate a bunch of parameters for different curves inside arkworks, or let the developers specify their own parameters.
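As an added example (not code from the IVLS repo, arkworks, or any participant in this thread), the following Python sanity check makes the field-dependence discussed above concrete. Poseidon round constants and MDS matrix entries are elements of one specific prime field F_p; the check verifies that every constant and matrix entry is a reduced element of the target field, that the number of constants matches t * (R_F + R_P), and that the matrix actually has the MDS property over that field (every square submatrix is nonsingular). To get a matrix that is provably MDS over a chosen field it uses a Cauchy construction, which is a standard textbook construction and not the generation method used by arkworks or the hadeshash scripts. The primes (101 and 29), width 3, round counts (2 full, 1 partial) and round constants are constructed toy values chosen so the arithmetic can be checked by hand; none of it is a secure Poseidon instance, and the check says nothing about whether the round counts are adequate for a security level.

```python
"""Sanity checks for a hardcoded Poseidon parameter set (constructed toy sizes, not secure parameters).

Round constants and MDS entries live in a specific prime field F_p. A set generated for one field
cannot simply be reused over another: values may fall outside the new field, and a matrix that is
MDS over one field need not be MDS over another.
"""
from itertools import combinations


def det_mod_p(m, p):
    """Determinant of a square matrix over F_p (p prime) by Gaussian elimination."""
    n = len(m)
    a = [[x % p for x in row] for row in m]
    det = 1
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] != 0), None)
        if pivot is None:
            return 0
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            det = -det  # a row swap flips the sign
        det = det * a[col][col] % p
        inv = pow(a[col][col], -1, p)
        for r in range(col + 1, n):
            factor = a[r][col] * inv % p
            if factor:
                for c in range(col, n):
                    a[r][c] = (a[r][c] - factor * a[col][c]) % p
    return det % p


def is_mds(m, p):
    """MDS property over F_p: every square submatrix (every minor) is nonsingular."""
    t = len(m)
    for k in range(1, t + 1):
        for rows in combinations(range(t), k):
            for cols in combinations(range(t), k):
                sub = [[m[r][c] for c in cols] for r in rows]
                if det_mod_p(sub, p) == 0:
                    return False
    return True


def cauchy_mds(p, t):
    """t x t Cauchy matrix M[i][j] = 1 / (x_i + y_j) over F_p with x_i = i and y_j = t + j.

    The x_i are distinct, the y_j are distinct, and every x_i + y_j lies in [t, 3t-2], so for
    p > 3t - 2 all denominators are nonzero. Every minor of a Cauchy matrix is again a Cauchy
    matrix with nonzero determinant, so the result is MDS over F_p (and only by construction
    over this p: the same integers are not MDS over another field in general).
    """
    if p <= 3 * t - 2:
        raise ValueError("field too small for this Cauchy construction")
    return [[pow(i + t + j, -1, p) for j in range(t)] for i in range(t)]


def check_poseidon_params(p, t, r_f, r_p, round_constants, mds):
    """Return a list of problems with a width-t parameter set over F_p; empty means it passed.

    Only field membership, constant count and the MDS property are checked; nothing here
    judges whether r_f and r_p are large enough for any security level.
    """
    problems = []
    expected = t * (r_f + r_p)  # every full and partial round adds t constants to the state
    if len(round_constants) != expected:
        problems.append(f"expected {expected} round constants, got {len(round_constants)}")
    out_of_field = [c for c in round_constants if not 0 <= c < p]
    if out_of_field:
        problems.append(f"{len(out_of_field)} round constants are not reduced elements of F_{p}")
    if len(mds) != t or any(len(row) != t for row in mds):
        problems.append(f"MDS matrix is not {t} x {t}")
        return problems
    if any(not 0 <= x < p for row in mds for x in row):
        problems.append(f"MDS matrix has entries outside F_{p}")
    if not is_mds(mds, p):
        problems.append(f"MDS matrix is not MDS over F_{p}")
    return problems


# Constructed toy parameter set "generated" for p = 101, width 3, 2 full + 1 partial rounds.
P_ORIGINAL = 101
WIDTH, R_F, R_P = 3, 2, 1
HARDCODED_RC = [7, 42, 99, 13, 58, 100, 3, 77, 21]
HARDCODED_MDS = cauchy_mds(P_ORIGINAL, WIDTH)  # [[34, 76, 81], [76, 81, 17], [81, 17, 29]]

# The same integers reused over a different (constructed) field, as a hardcoded set would be.
P_REUSED = 29

if __name__ == "__main__":
    print("over F_101:", check_poseidon_params(P_ORIGINAL, WIDTH, R_F, R_P, HARDCODED_RC, HARDCODED_MDS))
    print("over F_29: ", check_poseidon_params(P_REUSED, WIDTH, R_F, R_P, HARDCODED_RC, HARDCODED_MDS))
    print("fresh Cauchy matrix over F_29 is MDS:", is_mds(cauchy_mds(P_REUSED, WIDTH), P_REUSED))
```

Run over F_101 the hardcoded set passes; reused over F_29 it fails three ways: five round constants and most matrix entries are not reduced field elements, and once reduced the entry 29 becomes 0, so a 1x1 minor vanishes and the matrix is no longer MDS. The full-minor check is exponential in t and is meant for the small widths Poseidon actually uses; a fresh Cauchy matrix generated for F_29 passes, which is the "generate per field" option discussed above.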
