Vitalik Buterin
@vitalik.eth
Poseidon is a super elegant hash function, part 2: Even an optimized STARK arithmetization can fit into a single screenshot
36 replies
82 recasts
656 reactions

Tayyab - d/acc
@tayyab
Thanks Vitalik, now can you explain what this wizardry is?
1 reply
6 recasts
68 reactions

Vitalik Buterin
@vitalik.eth
It's a degree-5 function from a size-192 list of primes mod 2^31-1 to a size-176 list of primes mod 2^31-1, which evaluates to true only if the last eight items of the input are the Poseidon2 hash output of the first sixteen items of the input. This is useful for making hyper-optimized STARK proofs of hashes, which in turn is useful for STARKing anything blockchain-related, and potentially a (quantum-safe) replacement for verkle trees.
5 replies
1 recast
21 reactions
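To make the reply above concrete, here is an added toy illustration (not Vitalik's arithmetization, and not the Poseidon2 specification's constants or matrix, which the thread does not give) of the ingredients it names: arithmetic mod the Mersenne31 prime 2^31-1, a degree-5 x^5 S-box that is a bijection over that field, rounds whose transition relation is degree 5 in the previous state, and a 16-to-8 compression whose claimed output can be checked row by row. Round constants, the mixing matrix, the round count and the truncation rule are all constructed assumptions for the demo.

```python
"""Toy Poseidon-style permutation over the Mersenne31 field (p = 2^31 - 1).

Added illustration for the thread; NOT the real Poseidon2 round constants
or linear layer (those are fixed by the Poseidon2 spec and are not on the
page). Constants and the mixing layer here are constructed for demonstration.
It shows: the x^5 S-box permutes the field, each round is a degree-5 map of
the state, and a "16 inputs -> 8 outputs" hash claim can be checked by a
per-row transition relation, which is what a STARK arithmetization constrains.
"""
import hashlib
import math

P = 2**31 - 1      # Mersenne31 prime, the field named in the post
WIDTH = 16         # constructed: state width, 16 inputs fill the whole state
RATE_OUT = 8       # number of output elements kept, as in the post
ROUNDS = 6         # constructed: far fewer rounds than a real instance
ALPHA = 5          # S-box exponent: degree 5, as in the post


def sbox_is_bijection(alpha: int = ALPHA, p: int = P) -> bool:
    """x -> x^alpha permutes the multiplicative group iff gcd(alpha, p-1) == 1."""
    return math.gcd(alpha, p - 1) == 1


def _derive_constants(rounds: int, width: int):
    # Constructed round constants from a labelled hash (NOT Poseidon2's).
    consts = []
    for r in range(rounds):
        row = []
        for i in range(width):
            h = hashlib.sha256(f"toy-poseidon-rc-{r}-{i}".encode()).digest()
            row.append(int.from_bytes(h[:8], "big") % P)
        consts.append(row)
    return consts


ROUND_CONSTANTS = _derive_constants(ROUNDS, WIDTH)


def linear_layer(state):
    """Constructed invertible mixing layer: y = (I + J) x, J = all-ones matrix.
    Invertible because its eigenvalues are 1 and 1 + WIDTH, both nonzero mod p."""
    total = sum(state) % P
    return [(x + total) % P for x in state]


def full_round(state, r):
    """One round: add round constants, x^5 S-box on every lane, then mix."""
    state = [(x + c) % P for x, c in zip(state, ROUND_CONSTANTS[r])]
    state = [pow(x, ALPHA, P) for x in state]   # the degree-5 step
    return linear_layer(state)


def permutation(state):
    if len(state) != WIDTH:
        raise ValueError(f"state must have {WIDTH} elements")
    for r in range(ROUNDS):
        state = full_round(state, r)
    return state


def compress16_to_8(inputs):
    """Toy compression: permute 16 field elements and keep the first 8."""
    if len(inputs) != WIDTH or any(not 0 <= x < P for x in inputs):
        raise ValueError("expected 16 field elements in [0, p)")
    return permutation(list(inputs))[:RATE_OUT]


def transition_holds(prev_state, next_state, r):
    """Per-row relation a STARK would constrain: next == round_r(prev).
    Each lane equation is degree 5 in prev_state (from the S-box) and
    degree 1 in next_state, hence a degree-5 constraint."""
    return full_round(list(prev_state), r) == list(next_state)


def hash_claim_is_valid(row):
    """Mirrors the post's statement: a 24-element list is accepted only if
    its last 8 entries equal the compression of its first 16."""
    if len(row) != WIDTH + RATE_OUT:
        return False
    return compress16_to_8(row[:WIDTH]) == list(row[WIDTH:])


if __name__ == "__main__":
    sample = list(range(WIDTH))              # constructed input
    digest = compress16_to_8(sample)
    print("x^5 bijective over Mersenne31:", sbox_is_bijection())
    print("claim valid:", hash_claim_is_valid(sample + digest))
```

The real arithmetization in the screenshot lays the intermediate round states out as trace columns and checks every round transition with one degree-5 relation per lane; `transition_holds` is the unconstrained Python version of exactly that check, and `hash_claim_is_valid` is the end-to-end statement "last eight items are the hash of the first sixteen".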

Based Man
@basedman
While I love to share your optimism most times, quantum computers can use Grover's algorithm to perform a square-root speedup for brute-force attacks on hash functions. This would reduce the effective security of the hash function from \(2^n\) to \(2^{n/2}\). For Poseidon, this means doubling the security parameter to maintain the same level of security. Also, the construction of Poseidon involves specific arithmetic operations over prime fields. Quantum algorithms that excel at solving problems in these fields could potentially weaken Poseidon's security. While all of this is still theoretical, bulletproof tests can only be done once we are fully in the quantum era. - Quantum futura incerta, praesens fortis sit (the quantum future is uncertain; may the present be strong).
0 replies
0 recasts
0 reactions