• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Bitcoin
      • Riscv
      • Des
      • Ethereum
        • Mmp-trees
        • Semaphore
          • Verify-semaphore-r1cs
          • Mimc
          • Semaphore-specification
            • Prime-field-abbreviations
            • Pedersen-hash
              • Pedersen-scalar
              • Pedersen-generator
              • Pedersen-enc
              • Pedersen-pad
              • Pedersen
              • Pedersen-addend
            • Pedersen-hash-base-points
            • Baby-jubjub
          • Semaphore-proofs
        • Database
        • Cryptography
        • Rlp
        • Transactions
        • Hex-prefix
        • Basics
        • Addresses
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Bigmems
      • Builtins
      • Execloader
      • Aleo
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Semaphore-specification

Pedersen-hash

The Pedersen hash for the Ethereum Semaphore.

This is specified in Section 5.3.2 of https://github.com/appliedzkp/semaphore/blob/master/spec/Semaphore%20Spec.pdf and also, in more detail, in https://iden3-docs.readthedocs.io/en/latest/_downloads/4b929e0f96aef77b75bb5cfc0f832151/Pedersen-Hash.pdf. In the documentation of our formalization of Pedersen hash, we use `[ES]' (for `Ethereum Specification`) to refer to the first and `[IS]' (for `Iden3 Specification`) to refer to the second. There appear to be a few discrepancies between the two, although there should not be any; we will update our specification and documentation as these discrepancies are discussed and resolved.

Note that the Pedersen hash formalized here differs from the one in Zcash; in particular, this one uses 4-bit windows, while the one in Zcash uses 3-bit windows. Yet, the two share obvious characteristics. In the future, we may formalize a generic form of Pedersen hash, obtaining the Ethereum Semaphore one and the Zcash one by suitably instantiating and specializing the generic one.

Subtopics

Pedersen-scalar
The function that maps each message segment to a scalar.
Pedersen-generator
Generator points for Pedersen hash.
Pedersen-enc
Encode a window of 4 bits.
Pedersen-pad
Pedersen hash padding.
Pedersen
Point resulting from the Pedersen hash.
Pedersen-addend
Addend point in the sum that yields the Pedersen hash.