From 9bc46070f336b42f7fa9f4cb3c0af9a32a9a246d Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Fri, 4 Jun 2021 20:58:39 +0100 Subject: [PATCH] Say that the round constants as well as the MDS matrices are generated according to Version 1.1 of the Poseidon reference implementation. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index abd7dc4b..f1927077 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -8854,8 +8854,8 @@ is specified as: \item $\PoseidonHash(x, y) = f([x, y, 2^{65}])_1$ (using $1$-based indexing). \end{formulae} -The MDS matrix is as generated by \texttt{generate\_parameters\_grain.sage} in Version 1.1 of the -reference implementation. +The MDS matrix and round constants are generated by \texttt{generate\_parameters\_grain.sage} in +Version 1.1 of the reference implementation. \begin{nnotes} \item The choice of MDS matrix and the number of rounds take into account cryptanalytic @@ -14360,6 +14360,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. to the \actionCircuit. This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}. The specification of $\ExtractP$ has also been refactored to use $\Selectx$ (this does not change the \Orchard protocol). + \item In \crossref{poseidonhash}, say that the round constants as well as the MDS matrices + are generated according to Version 1.1 of the reference implementation. } %nufive \item Move the section on abstraction (previously section 5.1) to \crossref{abstractprotocol}. Section 5.2 has been split into two (\crossref{endian} and \crossref{bitlayout}) to