Split permutation from sponge construction

Work towards #29; this doesn't touch the constraint system implementation yet, in order to be able to get design feedback on the software part. - The `poseidon::PoseidonParameters` struct is renamed to `poseidon::Parameters` but otherwise remains unchanged. - The `poseidon::PoseidonSpongeState` struct is renamed to `poseidon::State` and redefined to hold just the state itself, as well as the parameters needed to run the permutation. It exposes a `permute(&mut self)` method, `rate()` and `capacity()` accessors, as well as `Index`, `IndexMut`, `AsRef`, and `AsMut` impls that allow access to the state. - The `poseidon::PoseidonSponge` struct is renamed to `poseidon::Sponge` and holds a `State` and a `DuplexSpongeMode`. In other words, it consists of the state, together with the extra data tracking how that state is being used to implement a higher-level duplex construction. - The `CryptographicSponge` trait is changed so that `new()` takes an owned, `Self::Parameters`, not a borrowed one. This allows the caller to decide where to copy data, instead of forcing the sponge implementation to clone internally. Or, a `CryptographicSponge` implementation could declare the associated `Parameters` type to be some shared type (like an `Arc` wrapper) that avoids the need to copy at all. - The `SpongeExt` trait that allows converting back and forth between a state and a sponge is deleted; it's not safe to pass between abstraction layers that way.
penumbra-zone · Oct 19, 2021 · a5468be · a5468be
1 parent 51d6fc9
commit a5468be
Show file tree

Hide file tree

Showing 8 changed files with 537 additions and 491 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -28,8 +28,8 @@ pub use absorb::*;
 
 /// The sponge for Poseidon
 ///
-/// This implementation of Poseidon is entirely from Fractal's implementation in [COS20][cos]
-/// with small syntax changes.
+/// This implementation of Poseidon was derived from Fractal's implementation in
+/// [COS20][cos].
 ///
 /// [cos]: https://eprint.iacr.org/2019/1076
 pub mod poseidon;
@@ -110,7 +110,7 @@ pub trait CryptographicSponge: Clone {
     type Parameters;
 
     /// Initialize a new instance of the sponge.
-    fn new(params: &Self::Parameters) -> Self;
+    fn new(params: Self::Parameters) -> Self;
 
     /// Absorb an input into the sponge.
     fn absorb(&mut self, input: &impl Absorb);
@@ -185,18 +185,6 @@ pub trait FieldBasedCryptographicSponge<CF: PrimeField>: CryptographicSponge {
     }
 }
 
-/// An extension for the interface of a cryptographic sponge.
-/// In addition to operations defined in `CryptographicSponge`, `SpongeExt` can convert itself to
-/// a state, and instantiate itself from state.
-pub trait SpongeExt: CryptographicSponge {
-    /// The full state of the cryptographic sponge.
-    type State: Clone;
-    /// Returns a sponge that uses `state`.
-    fn from_state(state: Self::State, params: &Self::Parameters) -> Self;
-    /// Consumes `self` and returns the state.
-    fn into_state(self) -> Self::State;
-}
-
 /// The mode structure for duplex sponges
 #[derive(Clone, Debug)]
 pub enum DuplexSpongeMode {

diff --git a/src/poseidon/constraints.rs b/src/poseidon/constraints.rs
@@ -1,6 +1,8 @@
+//! Constraints for Poseidon.
+
 use crate::constraints::AbsorbGadget;
 use crate::constraints::{CryptographicSpongeVar, SpongeWithGadget};
-use crate::poseidon::{PoseidonParameters, PoseidonSponge};
+use crate::poseidon::{Parameters, Sponge};
 use crate::DuplexSpongeMode;
 use ark_ff::{FpParameters, PrimeField};
 use ark_r1cs_std::fields::fp::FpVar;
@@ -21,7 +23,7 @@ pub struct PoseidonSpongeVar<F: PrimeField> {
     pub cs: ConstraintSystemRef<F>,
 
     /// Sponge Parameters
-    pub parameters: PoseidonParameters<F>,
+    pub parameters: Parameters<F>,
 
     // Sponge State
     /// The sponge's state
@@ -30,7 +32,7 @@ pub struct PoseidonSpongeVar<F: PrimeField> {
     pub mode: DuplexSpongeMode,
 }
 
-impl<F: PrimeField> SpongeWithGadget<F> for PoseidonSponge<F> {
+impl<F: PrimeField> SpongeWithGadget<F> for Sponge<F> {
     type Var = PoseidonSpongeVar<F>;
 }
 
@@ -179,11 +181,11 @@ impl<F: PrimeField> PoseidonSpongeVar<F> {
     }
 }
 
-impl<F: PrimeField> CryptographicSpongeVar<F, PoseidonSponge<F>> for PoseidonSpongeVar<F> {
-    type Parameters = PoseidonParameters<F>;
+impl<F: PrimeField> CryptographicSpongeVar<F, Sponge<F>> for PoseidonSpongeVar<F> {
+    type Parameters = Parameters<F>;
 
     #[tracing::instrument(target = "r1cs", skip(cs))]
-    fn new(cs: ConstraintSystemRef<F>, parameters: &PoseidonParameters<F>) -> Self {
+    fn new(cs: ConstraintSystemRef<F>, parameters: &Parameters<F>) -> Self {
         let zero = FpVar::<F>::zero();
         let state = vec![zero; parameters.rate + parameters.capacity];
         let mode = DuplexSpongeMode::Absorbing {
@@ -295,7 +297,7 @@ mod tests {
     use crate::constraints::CryptographicSpongeVar;
     use crate::poseidon::constraints::PoseidonSpongeVar;
     use crate::poseidon::tests::poseidon_parameters_for_test;
-    use crate::poseidon::PoseidonSponge;
+    use crate::poseidon::Sponge;
     use crate::{CryptographicSponge, FieldBasedCryptographicSponge};
     use ark_ff::UniformRand;
     use ark_r1cs_std::fields::fp::FpVar;
@@ -324,7 +326,7 @@ mod tests {
 
         let sponge_params = poseidon_parameters_for_test();
 
-        let mut native_sponge = PoseidonSponge::<Fr>::new(&sponge_params);
+        let mut native_sponge = Sponge::<Fr>::new(sponge_params.clone());
         let mut constraint_sponge = PoseidonSpongeVar::<Fr>::new(cs.clone(), &sponge_params);
 
         native_sponge.absorb(&absorb1);