@@ -267,8 +267,36 @@ impl CryptoHazmat {
267267
268268 /// Performs a Poseidon permutation on the input state vector.
269269///
270- /// WARNING: This is a low-level permutation function. Most users should use
271- /// the higher-level `poseidon_hash` function instead.
270+ /// This is a **low-level** permutation primitive. For safe, user-friendly
271+ /// hash functions, use
272+ /// [`rs-soroban-poseidon`](https://github.com/stellar/rs-soroban-poseidon)
273+ /// instead, which provides input validation and standard hash constructions.
274+ ///
275+ /// # Field elements and `U256`
276+ ///
277+ /// All `U256` values (`input`, `mds`, `round_constants`) are generic
278+ /// representations of field elements in the prime field specified by
279+ /// `field`. If a `U256` value exceeds the field modulus, it is **silently
280+ /// reduced mod the field order**. Two distinct `U256` inputs that reduce
281+ /// to the same field element will produce the same output, leading to
282+ /// unintended collisions. Callers must ensure inputs are already in the
283+ /// valid field range.
284+ ///
285+ /// # Parameters
286+ ///
287+ /// - `input`: state vector of `t` field elements.
288+ /// - `field`: the prime field (`"BLS12_381"` or `"BN254"`).
289+ /// - `t`: state size (number of field elements).
290+ /// - `d`: S-box degree (5 for BLS12-381 and BN254).
291+ /// - `rounds_f`: number of full rounds (must be even).
292+ /// - `rounds_p`: number of partial rounds.
293+ /// - `mds`: `t`-by-`t` MDS matrix as `Vec<Vec<U256>>`.
294+ /// - `round_constants`: `(rounds_f + rounds_p)`-by-`t` matrix of round
295+ /// constants as `Vec<Vec<U256>>`.
296+ ///
297+ /// # Panics
298+ ///
299+ /// If any dimension is inconsistent or if `field` is unsupported.
272300pub fn poseidon_permutation (
273301 & self ,
274302 input : & Vec < U256 > ,
@@ -299,8 +327,38 @@ impl CryptoHazmat {
299327
300328 /// Performs a Poseidon2 permutation on the input state vector.
301329///
302- /// WARNING: This is a low-level permutation function. Most users should use
303- /// the higher-level `poseidon2_hash` function instead.
330+ /// This is a **low-level** permutation primitive. For safe, user-friendly
331+ /// hash functions, use
332+ /// [`rs-soroban-poseidon`](https://github.com/stellar/rs-soroban-poseidon)
333+ /// instead, which provides input validation and standard hash constructions.
334+ ///
335+ /// # Field elements and `U256`
336+ ///
337+ /// All `U256` values (`input`, `mat_internal_diag_m_1`, `round_constants`)
338+ /// are generic representations of field elements in the prime field
339+ /// specified by `field`. If a `U256` value exceeds the field modulus, it
340+ /// is **silently reduced mod the field order**. Two distinct `U256` inputs
341+ /// that reduce to the same field element will produce the same output,
342+ /// leading to unintended collisions. Callers must ensure inputs are
343+ /// already in the valid field range.
344+ ///
345+ /// # Parameters
346+ ///
347+ /// - `input`: state vector of `t` field elements.
348+ /// - `field`: the prime field (`"BLS12_381"` or `"BN254"`).
349+ /// - `t`: state size (number of field elements). Only
350+ /// `t` ∈ {2, 3, 4, 8, 12, 16, 20, 24} are supported.
351+ /// - `d`: S-box degree (5 for BLS12-381 and BN254).
352+ /// - `rounds_f`: number of full rounds (must be even).
353+ /// - `rounds_p`: number of partial rounds.
354+ /// - `mat_internal_diag_m_1`: diagonal of the internal matrix minus the
355+ /// identity, as `Vec<U256>` of length `t`.
356+ /// - `round_constants`: `(rounds_f + rounds_p)`-by-`t` matrix of round
357+ /// constants as `Vec<Vec<U256>>`.
358+ ///
359+ /// # Panics
360+ ///
361+ /// If any dimension is inconsistent or if `field` is unsupported.
304362pub fn poseidon2_permutation (
305363 & self ,
306364 input : & Vec < U256 > ,
0 commit comments