Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MDS Matrix Parameters might be weak #237

Closed
moCello opened this issue Dec 14, 2023 · 1 comment
Closed

MDS Matrix Parameters might be weak #237

moCello opened this issue Dec 14, 2023 · 1 comment

Comments

@moCello
Copy link
Member

moCello commented Dec 14, 2023

Summary

The Poseidon paper does not specify a specific MDS Matrix to use. Instead, it provides an algorithm for generating MDS Matrices which requires two starting vectors x and y. Additionally, the paper emphasizes that not all MDS Matrices provide the same level of security.

In Dusk’s implementation, x=[0,1,2,3,4] and y=[5,6,7,8,9].
In Aztec’s implementation, x and y are randomly generated, and then further subjected to three additional checks suggested in the Poseidon paper.

Aztec probably has a reason for randomly generating parameters, as opposed to just picking the first possible vectors and Dusk’s parameters may provide insufficient mixing, which in turn might reduce the security level of this Poseidon implementation.

But more research needs to be done to check if our specific MDS parameters are safe.

Relevant Context

Finding from the plonk audit.
@moCello
Copy link
Member Author

moCello commented Jan 31, 2024

After some further investigation by the auditor of the plonk implementation, it was found that the MDS matrix parameters aren't weak.

@moCello moCello closed this as completed Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@moCello