feat: add hash of empty list rule for RP* hash functions

0xPolygonMiden · Sep 12, 2024 · 2d232be · 2d232be
1 parent 9e2eabb
commit 2d232be
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 0 deletions.
diff --git a/src/dsa/rpo_falcon512/keys/secret_key.rs b/src/dsa/rpo_falcon512/keys/secret_key.rs
@@ -28,6 +28,8 @@ const WIDTH_SMALL_POLY_COEFFICIENT: usize = 6;
 // SECRET KEY
 // ================================================================================================
 
+/// Represents the secret key for Falcon DSA.
+///
 /// The secret key is a quadruple [[g, -f], [G, -F]] of polynomials with integer coefficients. Each
 /// polynomial is of degree at most N = 512 and computations with these polynomials is done modulo
 /// the monic irreducible polynomial ϕ = x^N + 1. The secret key is a basis for a lattice and has

diff --git a/src/hash/rescue/rpo/mod.rs b/src/hash/rescue/rpo/mod.rs
@@ -64,6 +64,9 @@ mod tests;
 /// becomes the bottleneck for the security bound of the sponge in overwrite-mode only when it is
 /// lower than 2^128, we see that the target 128-bit security level is maintained as long as
 /// the size of the domain identifier space, including for padding, is less than 2^128.
+///
+/// ## Hashing of empty lists
+/// The current implementation hashes empty lists to the zero digest [0, 0, 0, 0].
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
 pub struct Rpo256();
 

diff --git a/src/hash/rescue/rpo/tests.rs b/src/hash/rescue/rpo/tests.rs
@@ -183,6 +183,24 @@ fn hash_elements() {
     assert_eq!(m_result, h_result);
 }
 
+#[test]
+fn hash_empty() {
+    let elements: Vec<Felt> = vec![];
+
+    let zero_digest = RpoDigest::default();
+    let h_result = Rpo256::hash_elements(&elements);
+    assert_eq!(zero_digest, h_result);
+}
+
+#[test]
+fn hash_empty_bytes() {
+    let bytes: Vec<u8> = vec![];
+
+    let zero_digest = RpoDigest::default();
+    let h_result = Rpo256::hash(&bytes);
+    assert_eq!(zero_digest, h_result);
+}
+
 #[test]
 fn hash_test_vectors() {
     let elements = [

diff --git a/src/hash/rescue/rpx/mod.rs b/src/hash/rescue/rpx/mod.rs
@@ -71,6 +71,9 @@ pub type CubicExtElement = CubeExtension<Felt>;
 /// the bottleneck for the security bound of the sponge in overwrite-mode only when it is
 /// lower than 2^128, we see that the target 128-bit security level is maintained as long as
 /// the size of the domain identifier space, including for padding, is less than 2^128.
+///
+/// ## Hashing of empty lists
+/// The current implementation hashes empty lists to the zero digest [0, 0, 0, 0].
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
 pub struct Rpx256();
 

diff --git a/src/hash/rescue/rpx/tests.rs b/src/hash/rescue/rpx/tests.rs
@@ -129,6 +129,24 @@ fn hash_elements() {
     assert_eq!(m_result, h_result);
 }
 
+#[test]
+fn hash_empty() {
+    let elements: Vec<Felt> = vec![];
+
+    let zero_digest = RpxDigest::default();
+    let h_result = Rpx256::hash_elements(&elements);
+    assert_eq!(zero_digest, h_result);
+}
+
+#[test]
+fn hash_empty_bytes() {
+    let bytes: Vec<u8> = vec![];
+
+    let zero_digest = RpxDigest::default();
+    let h_result = Rpx256::hash(&bytes);
+    assert_eq!(zero_digest, h_result);
+}
+
 #[test]
 fn sponge_bytes_with_remainder_length_wont_panic() {
     // this test targets to assert that no panic will happen with the edge case of having an inputs