Merge pull request #609 from openmina/fix-poseidon

sebastiencs · web-flow · commit 716093152e40 · 2024-08-30T11:29:31.000+02:00
Fix poseidon hashing when absorbing empty slice
diff --git a/ledger/src/poseidon/mod.rs b/ledger/src/poseidon/mod.rs
@@ -1872,6 +1872,23 @@ impl<F: Field, SC: SpongeConstants> Sponge<F, F> for ArithmeticSponge<F, SC> {
 
     #[inline(never)]
     fn absorb(&mut self, x: &[F]) {
+        if x.is_empty() {
+            // Same as the loop below but doesn't add `x`
+            match self.sponge_state {
+                SpongeState::Absorbed(n) => {
+                    if n == self.rate {
+                        self.poseidon_block_cipher();
+                        self.sponge_state = SpongeState::Absorbed(1);
+                    } else {
+                        self.sponge_state = SpongeState::Absorbed(n + 1);
+                    }
+                }
+                SpongeState::Squeezed(_n) => {
+                    self.sponge_state = SpongeState::Absorbed(1);
+                }
+            }
+            return;
+        }
         for x in x.iter() {
             match self.sponge_state {
                 SpongeState::Absorbed(n) => {
diff --git a/ledger/src/proofs/transaction.rs b/ledger/src/proofs/transaction.rs
@@ -1687,7 +1687,28 @@ pub mod poseidon {
             Self::new_with_state([F::zero(); 3], F::get_params2())
         }
 
+        fn absorb_empty(&mut self, w: &mut Witness<F>) {
+            match self.sponge_state {
+                SpongeState::Absorbed(n) => {
+                    if n == C::SPONGE_RATE {
+                        self.poseidon_block_cipher(true, w);
+                        self.sponge_state = SpongeState::Absorbed(1);
+                    } else {
+                        self.sponge_state = SpongeState::Absorbed(n + 1);
+                    }
+                }
+                SpongeState::Squeezed(_n) => {
+                    self.sponge_state = SpongeState::Absorbed(1);
+                }
+            }
+        }
+
         pub fn absorb(&mut self, x: &[F], w: &mut Witness<F>) {
+            if x.is_empty() {
+                self.absorb_empty(w);
+                return;
+            }
+
             // Hack to know when to ignore witness
             // That should be removed once we use `cvar`
             let mut first = true;
@@ -1719,6 +1740,11 @@ pub mod poseidon {
         }
 
         pub fn absorb2(&mut self, x: &[F], w: &mut Witness<F>) {
+            if x.is_empty() {
+                self.absorb_empty(w);
+                return;
+            }
+
             // Hack to know when to ignore witness
             // That should be removed once we use `cvar`
             let mut first = true;
@@ -1754,6 +1780,11 @@ pub mod poseidon {
         }
 
         pub fn absorb3(&mut self, x: &[F], w: &mut Witness<F>) {
+            if x.is_empty() {
+                self.absorb_empty(w);
+                return;
+            }
+
             // Hack to know when to ignore witness
             // That should be removed once we use `cvar`
             let mut first = true;
@@ -4429,6 +4460,21 @@ mod tests {
         dbg!(sum);
     }
 
+    #[test]
+    fn test_hash_empty_event_checked() {
+        // Same value than OCaml
+        const EXPECTED: &str =
+            "6963060754718463299978089777716994949151371320681588566338620419071140958308";
+
+        let mut w = Witness::empty();
+        let hash = transaction_snark::checked_hash("MinaZkappEvent", &[], &mut w);
+        assert_eq!(hash, Fp::from_str(EXPECTED).unwrap());
+
+        let mut w = Witness::empty();
+        let hash = transaction_snark::checked_hash3("MinaZkappEvent", &[], &mut w);
+        assert_eq!(hash, Fp::from_str(EXPECTED).unwrap());
+    }
+
     /// Print requests types
     #[allow(unused)]
     #[test]
diff --git a/ledger/src/scan_state/transaction_logic.rs b/ledger/src/scan_state/transaction_logic.rs
@@ -945,6 +945,9 @@ pub mod zkapp_command {
     pub struct Event(pub Vec<Fp>);
 
     impl Event {
+        pub fn empty() -> Self {
+            Self(Vec::new())
+        }
         pub fn hash(&self) -> Fp {
             hash_with_kimchi("MinaZkappEvent", &self.0[..])
         }
@@ -8395,6 +8398,16 @@ mod tests {
             .into_compressed()
     }
 
+    #[test]
+    fn test_hash_empty_event() {
+        // Same value than OCaml
+        const EXPECTED: &str =
+            "6963060754718463299978089777716994949151371320681588566338620419071140958308";
+
+        let event = zkapp_command::Event::empty();
+        assert_eq!(event.hash(), Fp::from_str(EXPECTED).unwrap());
+    }
+
     /// Test using same values as here:
     /// https://github.com/MinaProtocol/mina/blob/3a78f0e0c1343d14e2729c8b00205baa2ec70c93/src/lib/mina_base/receipt.ml#L136
     #[test]
