The Poseidon Hash

Used for different purposes

Last updated 2 years ago

Poseidon is a hash function designed for zero-knowledge proof systems such as zkSNARKs. It operates over the prime field $GF(p)$. The main advantage of the Poseidon hash is that it simplifies circuit construction.

Poseidon consists of a series of rounds, each applying a permutation to the input (constant addition, exponentiation and mixing). An S-box routine is simply an exponentiation in the $GF(p)$ field (raising to the power of 5).

The round constants and the number of S-box operations depend on the parameter set. The Poseidon parameters are a tuple $(t, f, p, c, m)$, where

  • $t$ is the number of S-box routines in one round. It also specifies the input dimension: the hash function supports up to $t$ input numbers.

  • $f$ is the number of full rounds ($t$ S-box routines)

  • $p$ is the number of partial rounds (a single S-box routine)

  • $c$ is the round constants array (dimension $(f+p) \times t$)

  • $m$ is a square array used for the mixing function (dimension $t \times t$)

The Poseidon routine produces the resulting hash (an element of the prime field) after $(f+p)$ rounds.
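The round structure described above, as an added sketch that is not taken from this page or from zkBob's code; it counts the S-box operations each reduced parameter set $(t, f, p)$ costs. Assumptions: the BN254 scalar field as $GF(p)$, round constants derived from SHA-256 as constructed stand-ins (not the specification's values), a Cauchy mixing matrix, zero padding of the inputs, and the first state element as output; `make_params`, `permute` and `poseidon` are hypothetical names.

```python
import hashlib

# Assumption: BN254 scalar field as GF(p); the page does not name the prime.
FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def _fe(tag):
    """Constructed stand-in for a real round constant (NOT spec values)."""
    return int.from_bytes(hashlib.sha256(tag.encode()).digest(), "big") % FIELD

def make_params(t, f, p):
    """Build the tuple (t, f, p, c, m): c is (f+p) x t, m is t x t."""
    c = [[_fe(f"c/{t}/{r}/{i}") for i in range(t)] for r in range(f + p)]
    # Cauchy matrix 1/(x_i + y_j) with x_i = i, y_j = t + j: invertible mixing.
    m = [[pow(i + t + j, -1, FIELD) for j in range(t)] for i in range(t)]
    return t, f, p, c, m

def permute(state, params):
    """Apply f+p rounds; return the new state and the number of S-boxes used."""
    t, f, p, c, m = params
    sboxes = 0
    for r in range(f + p):
        # 1. Add this round's constants.
        state = [(s + k) % FIELD for s, k in zip(state, c[r])]
        # 2. S-box x^5: all t elements in a full round, one in a partial round.
        #    Full rounds are split half before and half after the partial ones.
        full = r < f // 2 or r >= f // 2 + p
        width = t if full else 1
        state[:width] = [pow(s, 5, FIELD) for s in state[:width]]
        sboxes += width
        # 3. Mix: multiply the state vector by the t x t matrix m.
        state = [sum(m[i][j] * state[j] for j in range(t)) % FIELD
                 for i in range(t)]
    return state, sboxes

def poseidon(inputs, params):
    """Hash up to t field elements; zero padding and output index are assumed."""
    t = params[0]
    if len(inputs) > t:
        raise ValueError(f"parameter set with t={t} takes at most {t} inputs")
    state = [x % FIELD for x in inputs] + [0] * (t - len(inputs))
    out, sboxes = permute(state, params)
    return out[0], sboxes

if __name__ == "__main__":
    # Reduced parameter sets (t, f, p) as listed on this page.
    for t, f, p in [(2, 8, 56), (3, 8, 56), (4, 8, 56), (5, 8, 56), (6, 8, 57)]:
        digest, n = poseidon([1], make_params(t, f, p))
        print(f"t={t} f={f} p={p}: {n} S-boxes, digest={digest:#x}")
```

The S-box count is $f \cdot t + p$, so most rounds cost a single exponentiation, which is what keeps the circuit small.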

As mentioned previously, different parameter sets are used for hashes in the Merkle tree. These hash types are explained in the table below. The parameter set is presented in reduced form (just the tuple $(t, f, p)$):

| Label | Parameters | Hash purpose | Inputs |
|---|---|---|---|
| $Hash$ | 2, 8, 56 | Key derivation ($\eta$ and $P_d$) | Transaction verifier key $A$ or diversifier $d$ |
| $Hash_{merkle}$ / $Hash_{nullifier}$ | 3, 8, 56 | Merkle tree's node; Nullifier | two child nodes or leaves; Account hash and intermediate nullifier hash (details) |
| $Hash_{eddsa}$ / $Hash_{inh}$ | 4, 8, 56 | EdDSA sign and verify; Intermediate nullifier hash (inh) | $R.x, A.x, H$ (details); $Hash(acc)$, $\eta$, $path$ (details) |
| $Hash_{note}$ | 5, 8, 56 | Note hash | $d, P_d, b, t$ (details) |
| $Hash_{account}$ / $Hash_{sponge}$ | 6, 8, 57 | Account hash; Transaction hash | $d, P_d, i, b$ (details); account and notes hashes with transaction commitment (details) |

Poseidon specification

This page provides just a simple description of the Poseidon hash function. For additional details please refer to the original publication. It contains exhaustive materials, security investigations, implementation details, proof system applications and so on.