feat(sbf): Add Poseidon syscall #32680
Conversation
Codecov Report
@@ Coverage Diff @@
## master #32680 +/- ##
=========================================
- Coverage 82.0% 82.0% -0.1%
=========================================
Files 784 785 +1
Lines 212449 212590 +141
=========================================
+ Hits 174270 174328 +58
- Misses 38179 38262 +83 |
|
The syscall implementation looks good to me overall! On my dev machine, it seems like I am getting slightly higher bench numbers, but the CU units do seem reasonable. I could be missing something, but the PR does seem to make some changes that seem tangential to the Poseidon syscall. Can you rebase with the master branch? |
If you mean the changes related to To handle different CU costs for different number of inputs, I included the Structs with I think that removing the |
samkim-crypto
left a comment
samkim-crypto
left a comment
There was a problem hiding this comment.
Looks good to me overall. Please let me know what you think about my comments below. Also, I think the changes regarding the runtime are indeed good changes, but it probably belongs to separate PR. Let's keep this PR focused on the Poseidon syscall and then we can perhaps have a follow-up for the run time changes (we can also possibly remove the need for hashtables; see below).
|
@samkim-crypto Thanks for review! Your comments should be addressed now. |
samkim-crypto
left a comment
samkim-crypto
left a comment
There was a problem hiding this comment.
Looks good to me! Just some nits. I will approve it once these are addressed.
|
Looks good to me thanks! There seems to be a conflict with the main branch, so let's resolve that and merge it in. |
Computing Poseidon[0] hashes is too expensive to be done in a Solana program in one transaction. Poseidon is a zero-knowlege proof friendly hash function, used by the majority of ZK-based projects, including the ones built on top of Solana. This change introduces the `sol_poseidon` syscall which takes 2D byte slice as an input and then calculates a Poseidon hash using a BN254 curve and the following Poseidon parameters: * x^5 S-boxes * width - 2 ≤ t ≤ 13 * inputs - 1 ≤ n ≤ 12 * 8 full rounds and partial rounds depending on t: [56, 57, 56, 60, 60, 63, 64, 63, 60, 66, 60, 65] Computation of Poseidon hashes is done with the light-poseidon[1] crate, which is audited[2] and compatible with Circom[3] (BN254 curve, the same parameters and constants). Proposed compute costs depend on number of inputs and are based on light-poseidon benchmarks[4]. [0] https://www.poseidon-hash.info/ [1] https://crates.io/crates/light-poseidon [2] https://github.com/Lightprotocol/light-poseidon/blob/main/assets/audit.pdf [3] https://docs.circom.io/ [4] https://github.com/Lightprotocol/light-poseidon/tree/main#performance
|
@samkim-crypto @SwenSchaeferjohann Thanks for reviews! Hopefully the last push. |
|
Great! Will merge once CI completes. Thank you for all the changes! |
4 participants
Problem
Computing Poseidon[0] hashes is too expensive to be done in a Solana program in one transaction. Poseidon is a zero-knowlege proof friendly hash function, used by the majority of ZK-based projects, including the ones built on top of Solana.
Summary of Changes
This change introduces the
sol_poseidonsyscall which takes 2D byte slice as an input and then calculates a Poseidon hash using a BN254 curve and the following Poseidon parameters:Computation of Poseidon hashes is done with the light-poseidon[1] crate, which is audited[2] and compatible with Circom[3] (BN254 curve, the same parameters and constants).
Proposed compute costs depend on number of inputs and are based on light-poseidon benchmarks[4].
[0] https://www.poseidon-hash.info/
[1] https://crates.io/crates/light-poseidon
[2] https://github.com/Lightprotocol/light-poseidon/blob/main/assets/audit.pdf
[3] https://docs.circom.io/
[4] https://github.com/Lightprotocol/light-poseidon/tree/main#performance