Correct method for calculating Pedersen hash #20

Open
TheBojda opened this issue Jan 5, 2023 · 3 comments
TheBojda commented Jan 5, 2023

I tried to calculate Pedersen hash with circom and circomjs, but the results are different.

This is my circuit:

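```
pragma circom 2.0.0;

// Include paths are assumed; adjust them to where circomlib is installed.
include "../node_modules/circomlib/circuits/pedersen.circom";
include "../node_modules/circomlib/circuits/bitify.circom";

template PedersenHasher() {
    signal input source;
    signal output hash;
    signal output hash2;

    component hasher = Pedersen(248);
    component sourceBits = Num2Bits(248);
    sourceBits.in <== source;

    // Feed the 248 bits of `source` (least significant bit first) into the hasher.
    for (var i = 0; i < 248; i++) {
        hasher.in[i] <== sourceBits.out[i];
    }

    // out[0] and out[1] are the x and y coordinates of the resulting point.
    hash <== hasher.out[0];
    hash2 <== hasher.out[1];
}

component main = PedersenHasher();
```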

And this is my circomjs code:

```js
import crypto from "crypto";
import { ethers } from "ethers";
import { groth16 } from "snarkjs";
import { buildPedersenHash } from "circomlibjs";

const pedersen = await buildPedersenHash();
const source = crypto.randomBytes(31); // 31 bytes = 248 bits

const pedersenHash = pedersen.hash(source);
const points = pedersen.babyJub.unpackPoint(pedersenHash);

const { proof, publicSignals } = await groth16.fullProve({ source: ethers.BigNumber.from(source).toString() },
    "./build/pedersenHasherTest_js/pedersenHasherTest.wasm", "./build/pedersenHasher_0001.zkey");
```

If I am right, publicSignals[0] should be equal to points[0] and publicSignals[1] should be equal to points[1], but the hashes are different.

Am I doing something wrong, or is it a bug in circomjs?

0pf0r commented Feb 24, 2023

Same issue here, have you found anything since then?

@TheBojda
Author

I don't use Pedersen, only MiMC and Poseidon. This is my final workaround. :)

0pf0r commented Feb 24, 2023

Alright, I've read the related issue in the circomlib repo and been testing the suggestions there.
Very messy code but this should work:

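```js
const ffjavascript = require("ffjavascript");
const { buildPedersenHash } = require("circomlibjs");
const stringifyBigInts = ffjavascript.utils.stringifyBigInts;
const F = new ffjavascript.ZqField(
  ffjavascript.Scalar.fromString(
    "21888242871839275222246405745257275088548364400416034343698204186575808495617"
  )
);

async function main() {
  const pedersen = await buildPedersenHash();
  const babyjub = pedersen.babyJub;

  var b = Buffer.alloc(32);
  // Just set b to whatever input you want

  var h = pedersen.hash(b);
  const hP = babyjub.unpackPoint(h)[0]; // x coordinate of the hash point

  // Convert from little-endian Montgomery representation to a decimal string.
  console.log(stringifyBigInts(F.fromRprLEM(hP)));
}

main();
```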

This should print the same hash circom logs during debugging (in decimal format, obviously).
Also, here I used a 256-bit Pedersen hash (not 248 like you), so the buffer has to be 32 bytes long.
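What the `F.fromRprLEM` call in the comment above does, written out with plain BigInt as an added example (not code from this thread, circomlibjs or ffjavascript). It assumes the 32-byte coordinates are little-endian Montgomery-form elements with radix 2^256; all helper names are hypothetical.

```javascript
// Modulus copied from the comment above.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const R = 1n << 256n; // assumption: Montgomery radix for four 64-bit limbs

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// P is prime, so R^(P-2) mod P is the inverse of R (Fermat's little theorem).
const R_INV = modPow(R, P - 2n, P);

function leBytesToBigInt(bytes) {
  let v = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) v = (v << 8n) | BigInt(bytes[i]);
  return v;
}

function bigIntToLeBytes(v, len = 32) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) { out[i] = Number(v & 0xffn); v >>= 8n; }
  return out;
}

// Stored bytes hold x*R mod P; multiplying by R^-1 recovers x as a decimal string.
function fromMontgomeryLE(bytes) {
  if (bytes.length !== 32) throw new RangeError("expected 32 bytes");
  const raw = leBytesToBigInt(bytes);
  if (raw >= P) throw new RangeError("not a reduced field element");
  return ((raw * R_INV) % P).toString();
}

// Inverse direction, used here only to build a constructed sample.
function toMontgomeryLE(x) {
  return bigIntToLeBytes((BigInt(x) % P) * R % P);
}

const sample = toMontgomeryLE(123456789n); // constructed sample, not a real hash
console.log("decoded:     ", fromMontgomeryLE(sample));
console.log("raw LE bytes:", leBytesToBigInt(sample).toString());
```

Reading the same bytes as a plain little-endian integer gives a different number than the decoded value, which is the kind of mismatch you see when comparing against `publicSignals` without the conversion.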
