Cryptographic hashes

Namespace std::crypto::hashes contains modules for commonly used cryptographic hash functions.

BLAKE3

Module std::crypto::hashes::blake3 contains procedures for computing hashes using BLAKE3 hash function. The input and output elements are assumed to contain one 32-bit value per element.

Procedure	Description
hash_1to1	Computes BLAKE3 1-to-1 hash. Input: 32-bytes stored in the first 8 elements of the stack (32 bits per element). Output: A 32-byte digest stored in the first 8 elements of stack (32 bits per element).
hash_2to1	Computes BLAKE3 2-to-1 hash. Input: 64-bytes stored in the first 16 elements of the stack (32 bits per element). Output: A 32-byte digest stored in the first 8 elements of stack (32 bits per element)

SHA256

Module std::crypto::hashes::sha256 contains procedures for computing hashes using SHA256 hash function. The input and output elements are assumed to contain one 32-bit value per element.

Procedure	Description
hash_1to1	Computes SHA256 1-to-1 hash. Input: 32-bytes stored in the first 8 elements of the stack (32 bits per element). Output: A 32-byte digest stored in the first 8 elements of stack (32 bits per element).
hash_2to1	Computes SHA256 2-to-1 hash. Input: 64-bytes stored in the first 16 elements of the stack (32 bits per element). Output: A 32-byte digest stored in the first 8 elements of stack (32 bits per element).

RPO256

Module std::crypto::hashes::rpo contains procedures for computing and managing hashes using Rescue Prime Optimized hash function.

Procedure	Description
squeeze_digest	Given the hasher state, returns the hash output. Input: `[C, B, A, ...]` Output: `[HASH, ...]` where: For the native RPO hasher resulting `HASH` is `B`. Cycles: 9
copy_digest	Copies the result of hash permutation to the top of the stack. It is expected to have the hasher state at the top of the stack at the beginning of the procedure execution. Input: `[C, B, A, ...]` Output: `[B, C, B, A, ...]` Where: - `A` is the capacity word that will be used by the hashing function. - `B` is the hash output. - `C` is the rate word that will be used by the hashing function. Cycles: 4
hash_memory_double_words	Hashes the pairs of words in the memory from `start_addr` to `end_addr`. This procedure requires that `end_addr = start_addr + 8n` where $n = {0, 1, 2...}$ (i.e. we must always hash some number of double words), otherwise the procedure will enter an infinite loop. Input: `[start_addr, end_addr, ...]` Output: `[HASH, ...]` Where: - `HASH` is the cumulative hash of the provided memory values. Cycles: 37 + 3 * words, where `words` is the `start_addr - end_addr`
absorb_double_words_from_memory	Hashes the memory `start_addr` to `end_addr` given an RPO state specified by 3 words. This requires that `end_addr=start_addr + 2n + 1`, otherwise the procedure will enter an infinite loop. `end_addr` is not inclusive. Stack transition: Input: `[C, B, A, start_addr, end_addr, ...]` Output: `[C', B', A', end_addr, end_addr ...]` Cycles: 4 + 3 * words, where `words` is the `start_addr - end_addr - 1` Where `A` is the capacity word that will be used by the hashing function, and `B'` the hash output.
hash_memory_words	Hashes the memory `start_addr` to `end_addr`, handles odd number of elements. Requires `start_addr < end_addr`, `end_addr` is not inclusive. Stack transition: Input: `[start_addr, end_addr, ...]` Output: `[H, ...]` Cycles: even words: 49 cycles + 3 * words odd words: 61 cycles + 3 * words
prepare_hasher_state	Computes the hasher state required for the `hash_memory_with_state` procedure. Depending on the provided `pad_inputs_flag`, this procedure instantiates the hasher state using different values for capacity element: - If `pad_inputs_flag` equals $1$ the capacity element will be assigned to $0$ . This will essentially "pad" the hashing values with zeroes to the next multiple of $8$ . - If `pad_inputs_flag` equals $0$ the capacity element will be assigned to the remainder of the division of elements number by $8$ ( $n u m_e l e m e n t s %8$ ). Inputs: `[ptr, num_elements, pad_inputs_flag]` Outputs: `[C, B, A, ptr, end_pairs_addr, num_elements%8]`
hash_memory_with_state	Computes hash of `Felt` values starting at the specified memory address using the provided hasher state. This procedure divides the hashing process into two parts: hashing pairs of words using `absorb_double_words_from_memory` procedure and hashing the remaining values using the `hperm` instruction. Inputs: `[C, B, A, ptr, end_pairs_addr, num_elements%8]` Outputs: `[HASH]`
hash_memory	Computes hash of `Felt` values starting at the specified memory address. This procedure divides the hashing process into two parts: hashing pairs of words using `absorb_double_words_from_memory` procedure and hashing the remaining values using the `hperm` instruction. Inputs: `[ptr, num_elements]` Outputs: [`HASH]` Cycles: - If number of elements divides by $8$ : 47 cycles + 3 * words - Else: 180 cycles + 3 * words Panics if number of inputs equals $0$ .

Keyboard shortcuts

The Miden book

Cryptographic hashes

BLAKE3

SHA256

RPO256