Add documentation of perfect hash parameters.

src/arithmetic/fields.rs

@@ -151,6 +151,10 @@ struct SqrtHasher<F: FieldExt> {
 impl<F: FieldExt> SqrtHasher<F> {
     /// Returns a perfect hash of x for use with SqrtTables::inv.
     fn hash(&self, x: &F) -> usize {
+        // This is just the simplest constant-time perfect hash construction that could
+        // possibly work. The 32 low-order bits are unique within the 2^S order subgroup,
+        // then the xor acts as "salt" to injectively randomize the output when taken modulo
+        // `hash_mod`. Since the table is small, we do not need anything more complicated.
         ((x.get_lower_32() ^ self.hash_xor) as usize) % self.hash_mod
     }
 }

src/pasta/fields/fp.rs

@@ -600,6 +600,7 @@ impl ff::PrimeField for Fp {
 }
 
 lazy_static! {
+    // The perfect hash parameters are found by `squareroottab.sage` in zcash/pasta.
     static ref FP_TABLES: SqrtTables<Fp> = SqrtTables::new(0x11BE, 1098);
 }
 

src/pasta/fields/fq.rs

@@ -600,6 +600,7 @@ impl ff::PrimeField for Fq {
 }
 
 lazy_static! {
+    // The perfect hash parameters are found by `squareroottab.sage` in zcash/pasta.
     static ref FQ_TABLES: SqrtTables<Fq> = SqrtTables::new(0x116A9E, 1206);
 }