Marius Van Der Wijden claims to have broken Iden3's implementation of the Poseidon Hash. It is quite well-known, and probably used, so it's quite interesting.
He claims the problem is with their bit padding.
Normally you add '1' and then zeroes (possibly none) to fill the block length. This ensures that there is always some padding.
They didn't add the '1', so some input doesn't get padded at all, which leads to a collision.
#cryptography #snarks #zk #blockchain
https://x.com/vdWijden/status/1877046148386451732
=> More informations about this toot | More toots from neiman@mastodon.social
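To make the padding point concrete, here is a toy byte-oriented sponge, added as an illustration and not taken from the toot, from Iden3's library or from any Poseidon implementation. The permutation is a stand-in (a truncated SHA-256 chosen purely for availability), and the rate, state size and sample messages are constructed for the demo. It contrasts the defective zero-only padding with standard "1 then zeros" padding and shows why the former lets two different messages collide before the permutation even runs.

```python
import hashlib
from itertools import product

RATE = 4          # bytes absorbed per permutation call (constructed toy parameter)
STATE_LEN = 8     # total sponge state size in bytes (constructed toy parameter)


def toy_permutation(state: bytes) -> bytes:
    """Stand-in for the Poseidon permutation (constructed, not Poseidon).

    Any fixed function of the whole state exposes the padding problem; a
    truncated SHA-256 is used only because it is available everywhere.
    """
    return hashlib.sha256(state).digest()[:STATE_LEN]


def pad_zero_only(msg: bytes) -> bytes:
    """Defective scheme: zeros up to the block boundary, and nothing at all
    if the message is already aligned. Different inputs can produce the
    same padded string, e.g. b'abc' and b'abc\\x00'."""
    return msg + b"\x00" * (-len(msg) % RATE)


def pad_10star(msg: bytes) -> bytes:
    """Standard '1 then zeros' padding (0x80 carries the 1 bit in byte form).

    The marker is always appended, so the padding is never empty and can be
    stripped unambiguously: distinct messages give distinct padded strings."""
    with_marker = msg + b"\x80"
    return with_marker + b"\x00" * (-len(with_marker) % RATE)


def sponge_hash(msg: bytes, pad) -> bytes:
    """Minimal sponge: pad, then absorb one RATE-sized block per permutation call."""
    padded = pad(msg)
    state = bytes(STATE_LEN)
    for i in range(0, len(padded), RATE):
        block = padded[i:i + RATE]
        # XOR the block into the rate part of the state, keep the capacity part
        absorbed = bytes(s ^ b for s, b in zip(state[:RATE], block)) + state[RATE:]
        state = toy_permutation(absorbed)
    return state


def collides(m1: bytes, m2: bytes, pad) -> bool:
    """True if two different messages hash to the same digest under `pad`."""
    return m1 != m2 and sponge_hash(m1, pad) == sponge_hash(m2, pad)


def count_padding_collisions(pad, max_len: int = 5, alphabet: bytes = b"a\x00") -> int:
    """Exhaustively count short messages whose padded form was already seen.

    A padded string shared by two messages is a guaranteed hash collision
    regardless of the permutation. An injective padding returns 0."""
    seen = set()
    collisions = 0
    for n in range(max_len + 1):
        for symbols in product(alphabet, repeat=n):
            padded = pad(bytes(symbols))
            if padded in seen:
                collisions += 1
            else:
                seen.add(padded)
    return collisions


if __name__ == "__main__":
    m1, m2 = b"abc", b"abc\x00"          # constructed sample messages
    print("zero-only padding collides:", collides(m1, m2, pad_zero_only))
    print("10* padding collides:     ", collides(m1, m2, pad_10star))
    print("zero-only padding clashes: ", count_padding_collisions(pad_zero_only))
    print("10* padding clashes:       ", count_padding_collisions(pad_10star))
```

The check that matters for a reviewer is `count_padding_collisions`: it never looks at the permutation, only at whether the padding function is injective. If two inputs pad to the same block sequence, no choice of permutation (Poseidon or otherwise) can separate them, which is exactly why a missing '1' marker is a collision, not merely a weakness.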
Poseidon Hash is used in ZK (zero-knowledge) applications. It's designed to have (much) smaller circuits than traditional hashes, making ZK proofs much faster.
It's quite new. The different implementations of it don't always align.
The problem that was found is not with the function itself, but rather with a specific implementation.
There's already a "Poseidon 2" function that is used in some places, like Noir.