repository update

README.md

@@ -6,6 +6,7 @@ The repository already contains the following implementations:
 
 - `plain_impls` contains a comparison of the plain performance of various hash functions.
 - `bounties` contains toy instances and implementations of some hash functions used for the [Cryptanalysis Bounties](https://www.zkhashbounties.info/).
+- `bellman` contains a comparison of different hash functions in zero-knowledge applications using the [bellman_ce](https://github.com/matter-labs/bellman) library.
 
 ## Citing our work
 

bounties/src/feistel_mimc/feistel_mimc.rs

+use core::panic;
 use std::sync::Arc;
 
 use ff::PrimeField;
@@ -20,12 +21,12 @@ impl<F: PrimeField> FeistelMimc<F> {
         let mut input = *state_0;
         input.add_assign(&self.params.round_constants[round]);
 
-        let mut input2 = input.clone();
+        let mut input2 = input.to_owned();
         input2.square();
         match self.params.d {
             3 => {}
             5 => input2.square(),
-            _ => assert!(false),
+            _ => panic!(),
         }
         input2.mul_assign(&input);
         input2

bounties/src/feistel_mimc/mod.rs

+#[allow(clippy::module_inception)]
 pub mod feistel_mimc;
 pub mod feistel_mimc_instances;
 pub mod feistel_mimc_params;

bounties/src/fields/mod.rs

+#[allow(clippy::too_many_arguments)]
+#[allow(clippy::derive_hash_xor_eq)]
 pub mod field48;
+#[allow(clippy::too_many_arguments)]
+#[allow(clippy::derive_hash_xor_eq)]
 pub mod field56;
+#[allow(clippy::too_many_arguments)]
+#[allow(clippy::derive_hash_xor_eq)]
 pub mod field64;
 pub mod utils;
 

bounties/src/fields/utils.rs

@@ -11,12 +11,8 @@ pub fn from_u64<F: PrimeField>(val: u64) -> F {
 pub fn random_scalar_rng<F: PrimeField, R: Rng>(allow_zero: bool, rng: &mut R) -> F {
     loop {
         let s = F::rand(rng);
-        if allow_zero {
+        if allow_zero || s != F::zero() {
             return s;
-        } else {
-            if s != F::zero() {
-                return s;
-            }
         }
     }
 }
@@ -24,12 +20,8 @@ pub fn random_scalar_rng<F: PrimeField, R: Rng>(allow_zero: bool, rng: &mut R) -
 pub fn random_scalar<F: PrimeField>(allow_zero: bool) -> F {
     loop {
         let s = F::rand(&mut thread_rng());
-        if allow_zero {
+        if allow_zero || s != F::zero() {
             return s;
-        } else {
-            if s != F::zero() {
-                return s;
-            }
         }
     }
 }
@@ -72,11 +64,9 @@ pub fn field_element_from_shake<F: PrimeField>(reader: &mut Sha3XofReader) -> F
             }
             word_buf[i] = u64::from_le_bytes(byte_array);
         }
-
         let res = from_limbs_with_error::<F>(&word_buf);
-        match res {
-            Ok(el) => return el,
-            _ => {}
+        if let Ok(el) = res {
+            return el;
         }
     }
 }
@@ -93,7 +83,7 @@ fn is_zero<F: PrimeField>(a: &F::Repr) -> bool {
             return false;
         }
     }
-    return true;
+    true
 }
 
 #[inline(always)]
@@ -122,7 +112,7 @@ pub fn div_mod_crandall<F: PrimeField>(a: &F::Repr, k: u32) -> (F::Repr, u16) {
     let mask = (1u64 << k) - 1;
 
     let mut ri = a.as_ref()[0] & mask;
-    let mut qi = full_shr::<F>(&a, k);
+    let mut qi = full_shr::<F>(a, k);
 
     let mut q = qi;
     let mut r = ri;
@@ -255,8 +245,8 @@ const fn div_mod_word_by_short_normalized(
         r = r.wrapping_add(divisor);
     }
     if r >= divisor {
-        q1 = q1 + 1;
-        r = r - divisor;
+        q1 += 1;
+        r -= divisor;
     }
 
     (q1, r)
@@ -270,7 +260,7 @@ pub fn divide_long_using_recip<F: PrimeField>(
     norm_shift: u32,
 ) -> (F::Repr, u16) {
     let mut result = F::Repr::default();
-    let (repr, mut limb) = full_shl::<F>(&a, norm_shift);
+    let (repr, mut limb) = full_shl::<F>(a, norm_shift);
 
     result
         .as_mut()
@@ -431,16 +421,14 @@ pub fn mod_inverse<F: PrimeField>(val: u16, modulus: &F::Repr) -> F::Repr {
             a = prev_a;
             a.add_nocarry(&qa);
             a_neg = prev_a_neg;
+        } else if prev_a > qa {
+            a = prev_a;
+            a.sub_noborrow(&qa);
+            a_neg = prev_a_neg;
         } else {
-            if prev_a > qa {
-                a = prev_a;
-                a.sub_noborrow(&qa);
-                a_neg = prev_a_neg;
-            } else {
-                a = qa;
-                a.sub_noborrow(&prev_a);
-                a_neg = !a_neg;
-            }
+            a = qa;
+            a.sub_noborrow(&prev_a);
+            a_neg = !a_neg;
         }
 
         prev_a = tmp_a;
@@ -463,7 +451,7 @@ pub fn mod_inverse<F: PrimeField>(val: u16, modulus: &F::Repr) -> F::Repr {
 fn subtract<F: PrimeField>(c: u64, lhs: &F::Repr, rhs: &F::Repr) -> (F::Repr, u64) {
     if lhs >= rhs {
         let mut res = lhs.to_owned();
-        res.sub_noborrow(&rhs);
+        res.sub_noborrow(rhs);
         (res, c)
     } else {
         let mut res = rhs.to_owned();
@@ -560,7 +548,7 @@ mod utils_test_48 {
 
     #[test]
     fn div_equal() {
-        let bit = 10 as u16;
+        let bit: u16 = 10;
         let div = (1 << bit) - 1;
 
         let (divisor, recip) = compute_normalized_divisor_and_reciproical(div);
@@ -689,7 +677,7 @@ mod utils_test_56 {
 
     #[test]
     fn div_equal() {
-        let bit = 10 as u16;
+        let bit: u16 = 10;
         let div = (1 << bit) - 1;
 
         let (divisor, recip) = compute_normalized_divisor_and_reciproical(div);
@@ -821,7 +809,7 @@ mod utils_test_64 {
 
     #[test]
     fn div_equal() {
-        let bit = 10 as u16;
+        let bit: u16 = 10;
         let div = (1 << bit) - 1;
 
         let (divisor, recip) = compute_normalized_divisor_and_reciproical(div);

bounties/src/poseidon/mod.rs

+#[allow(clippy::module_inception)]
 pub mod poseidon;
 pub mod poseidon_instances;
 pub mod poseidon_params;

bounties/src/poseidon/poseidon.rs

@@ -51,24 +51,23 @@ impl<S: PrimeField> Poseidon<S> {
     fn sbox_p(&self, input: &S) -> S {
         let mut input2 = *input;
         input2.square();
-        let res = match self.params.d {
+
+        match self.params.d {
             3 => {
                 let mut out = input2;
-                out.mul_assign(&input);
+                out.mul_assign(input);
                 out
             }
             5 => {
                 let mut out = input2;
                 out.square();
-                out.mul_assign(&input);
+                out.mul_assign(input);
                 out
             }
             _ => {
-                assert!(false);
-                *input
+                panic!();
             }
-        };
-        res
+        }
     }
 
     fn matmul(&self, input: &[S], mat: &[Vec<S>]) -> Vec<S> {
@@ -76,9 +75,9 @@ impl<S: PrimeField> Poseidon<S> {
         debug_assert!(t == input.len());
         let mut out = vec![S::zero(); t];
         for row in 0..t {
-            for col in 0..t {
+            for (col, inp) in input.iter().enumerate().take(t) {
                 let mut tmp = mat[row][col];
-                tmp.mul_assign(&input[col]);
+                tmp.mul_assign(inp);
                 out[row].add_assign(&tmp);
             }
         }

bounties/src/reinforced_concrete/mod.rs

+#[allow(clippy::module_inception)]
 pub mod reinforced_concrete;
 pub mod reinforced_concrete_instances;
 pub mod reinforced_concrete_params;

bounties/src/reinforced_concrete/reinforced_concrete.rs

@@ -12,6 +12,7 @@ pub struct ReinforcedConcrete<F: PrimeField> {
 }
 
 impl<F: PrimeField> ReinforcedConcrete<F> {
+    #[allow(clippy::assertions_on_constants)]
     pub fn new(params: &Arc<ReinforcedConcreteParams<F>>) -> Self {
         debug_assert!(ReinforcedConcreteParams::<F>::T == 3);
         ReinforcedConcrete {
@@ -117,7 +118,7 @@ impl<F: PrimeField> ReinforcedConcrete<F> {
     pub fn bars(&self, state: &[F; 3]) -> [F; 3] {
         let mut s = state.to_owned();
         for el in s.iter_mut() {
-            let mut vals = self.decompose(&el);
+            let mut vals = self.decompose(el);
             for val in vals.iter_mut() {
                 // *val = self.params.sbox[*val as usize];
                 // safe because sbox is padded to the correct size in params

bounties/src/rescue_prime/mod.rs

+#[allow(clippy::module_inception)]
 pub mod rescue_prime;
 pub mod rescue_prime_instances;
 pub mod rescue_prime_params;

bounties/src/rescue_prime/rescue_prime.rs

@@ -41,24 +41,23 @@ impl<S: PrimeField> RescuePrime<S> {
             .map(|el| {
                 let mut el2 = *el;
                 el2.square();
-                let res = match self.params.d {
+
+                match self.params.d {
                     3 => {
                         let mut out = el2;
-                        out.mul_assign(&el);
+                        out.mul_assign(el);
                         out
                     }
                     5 => {
                         let mut out = el2;
                         out.square();
-                        out.mul_assign(&el);
+                        out.mul_assign(el);
                         out
                     }
                     _ => {
-                        assert!(false);
-                        *el
+                        panic!();
                     }
-                };
-                res
+                }
             })
             .collect()
     }
@@ -77,9 +76,9 @@ impl<S: PrimeField> RescuePrime<S> {
         debug_assert!(t == input.len());
         let mut out = vec![S::zero(); t];
         for row in 0..t {
-            for col in 0..t {
+            for (col, inp) in input.iter().enumerate().take(t) {
                 let mut tmp = mat[row][col];
-                tmp.mul_assign(&input[col]);
+                tmp.mul_assign(inp);
                 out[row].add_assign(&tmp);
             }
         }

bounties/src/rescue_prime/rescue_prime_params.rs

@@ -18,7 +18,7 @@ impl<S: PrimeField> RescuePrimeParams<S> {
         d: usize,
         rounds: usize,
         mds: &[Vec<S>],
-        round_constants: &Vec<Vec<S>>,
+        round_constants: &[Vec<S>],
     ) -> Self {
         assert!(d == 3 || d == 5);
         assert_eq!(mds.len(), t);