Parameters (mavkit-libs.Bls12_381_hash.Permutation.Anemoi.Parameters)

type t

The type representing the set of parameters for a given instance

val create : int -> int -> Mavryk_bls12_381.Fr.t array array -> t

create security state_size linear_layer creates a value of type t. If the state_size is 2, 4, 6 or 8, an exception is raised. The library enforces the user to use the default security parameters and an optimised implementation is provided in these cases. Also, an exception is raised if the state size is not a multiple of 2.

deprecated
It is highly recommended to follow the recommandation in the paper for the choice of security parameters. Please open an issue if you need support for other instances than the default parameters provided by the library.

val alpha : Mavryk_bls12_381.Fr.t

Exponent for the substitution box. For BLS12-381, it is 5

val alpha_inv : Mavryk_bls12_381.Fr.t

Inverse of the exponent for the substitution box. For BLS12-381, it is 20974350070050476191779096203274386335076221000211055129041463479975432473805

val delta : Mavryk_bls12_381.Fr.t

For BLS12-381, it is 14981678621464625851270783002338847382197300714436467949315331057125308909861

val g : Mavryk_bls12_381.Fr.t

First generator of the scalar field of BLS12-381, i.e. 7

val beta : Mavryk_bls12_381.Fr.t

Same than g

val gamma : Mavryk_bls12_381.Fr.t

Set to 0 for BLS12-381

val compute_number_of_rounds : int -> int -> int

compute_number_of_rounds state_size security computes the minimal number of rounds for an instance of Anemoi with a state size of m = state_size to reach a security level of security bits. The computation follows the formula given in section 5.2

val generate_constants : int -> int -> Mavryk_bls12_381.Fr.t array

generate_constants nb_rounds l generates the constants for the instance of Anemoi for a state size of m = 2 * l. The output contains the C's followed by the D's as described in the paper in section 5.1

val get_round_constants : t -> Mavryk_bls12_381.Fr.t array

val get_matrix : t -> Mavryk_bls12_381.Fr.t array array

val get_number_of_rounds : t -> int

val get_state_size : t -> int

val security_128_state_size_2 : t

Parameters for the permutation Anemoi for a state size of m = 2 (i.e. l = 1) and 128 bits of security given in the paper

val security_141_state_size_2 : t

Parameters for the permutation Anemoi for a state size of m = 2 (i.e. l = 1) and 141 bits of security

val security_128_state_size_4 : t

Parameters for the permutation Anemoi for a state size of m = 4 (i.e. l = 2) and 128 bits of security given in the paper

val security_128_state_size_6 : t

Parameters for the permutation Anemoi for a state size of m = 6 (i.e. l = 3) and 128 bits of security given in the paper

val security_128_state_size_8 : t

Parameters for the permutation Anemoi for a state size of m = 8 (i.e. l = 4) and 128 bits of security given in the paper