kimchi/circuits/polynomials/keccak/
constants.rs

1/// Constants for each witness' index offsets and lengths
2
3// KECCAK PARAMETERS
4/// The dimension of the Keccak state
5pub const DIM: usize = 5;
6
7/// An element of the Keccak state is 64 bits. However, we split the state into
8/// quarters of 16 bits to represent XOR and AND using the finite field
9/// addition. See the Keccak RFC for more information.
10pub const QUARTERS: usize = 4;
11
12pub const SHIFTS: usize = 4;
13
14/// The number of rounds in the Keccak permutation
15pub const ROUNDS: usize = 24;
16
17/// The number of bytes that can be processed by the Keccak permutation. It is
18/// the rate of the sponge configuration.
19pub const RATE_IN_BYTES: usize = 1088 / 8;
20
21/// The number of bytes used as a capacity in the sponge.
22pub const CAPACITY_IN_BYTES: usize = 512 / 8;
23
24/// The number of columns the Keccak circuit uses.
25pub const KECCAK_COLS: usize = 1965;
26
27/// The number of field elements used to represent the whole Keccak state.
28pub const STATE_LEN: usize = QUARTERS * DIM * DIM;
29
30pub const SHIFTS_LEN: usize = SHIFTS * STATE_LEN;
31
32// ROUND INDICES
33
34pub const THETA_STATE_A_OFF: usize = 0;
35pub const THETA_STATE_A_LEN: usize = STATE_LEN;
36pub const THETA_SHIFTS_C_OFF: usize = THETA_STATE_A_LEN;
37pub const THETA_SHIFTS_C_LEN: usize = SHIFTS * DIM * QUARTERS;
38pub const THETA_DENSE_C_OFF: usize = THETA_SHIFTS_C_OFF + THETA_SHIFTS_C_LEN;
39pub const THETA_DENSE_C_LEN: usize = QUARTERS * DIM;
40pub const THETA_QUOTIENT_C_OFF: usize = THETA_DENSE_C_OFF + THETA_DENSE_C_LEN;
41pub const THETA_QUOTIENT_C_LEN: usize = DIM;
42pub const THETA_REMAINDER_C_OFF: usize = THETA_QUOTIENT_C_OFF + THETA_QUOTIENT_C_LEN;
43pub const THETA_REMAINDER_C_LEN: usize = QUARTERS * DIM;
44pub const THETA_DENSE_ROT_C_OFF: usize = THETA_REMAINDER_C_OFF + THETA_REMAINDER_C_LEN;
45pub const THETA_DENSE_ROT_C_LEN: usize = QUARTERS * DIM;
46pub const THETA_EXPAND_ROT_C_OFF: usize = THETA_DENSE_ROT_C_OFF + THETA_DENSE_ROT_C_LEN;
47pub const THETA_EXPAND_ROT_C_LEN: usize = QUARTERS * DIM;
48pub const PIRHO_SHIFTS_E_OFF: usize = THETA_EXPAND_ROT_C_OFF + THETA_EXPAND_ROT_C_LEN;
49pub const PIRHO_SHIFTS_E_LEN: usize = SHIFTS_LEN;
50pub const PIRHO_DENSE_E_OFF: usize = PIRHO_SHIFTS_E_OFF + PIRHO_SHIFTS_E_LEN;
51pub const PIRHO_DENSE_E_LEN: usize = STATE_LEN;
52pub const PIRHO_QUOTIENT_E_OFF: usize = PIRHO_DENSE_E_OFF + PIRHO_DENSE_E_LEN;
53pub const PIRHO_QUOTIENT_E_LEN: usize = STATE_LEN;
54pub const PIRHO_REMAINDER_E_OFF: usize = PIRHO_QUOTIENT_E_OFF + PIRHO_QUOTIENT_E_LEN;
55pub const PIRHO_REMAINDER_E_LEN: usize = STATE_LEN;
56pub const PIRHO_DENSE_ROT_E_OFF: usize = PIRHO_REMAINDER_E_OFF + PIRHO_REMAINDER_E_LEN;
57pub const PIRHO_DENSE_ROT_E_LEN: usize = STATE_LEN;
58pub const PIRHO_EXPAND_ROT_E_OFF: usize = PIRHO_DENSE_ROT_E_OFF + PIRHO_DENSE_ROT_E_LEN;
59pub const PIRHO_EXPAND_ROT_E_LEN: usize = STATE_LEN;
60pub const CHI_SHIFTS_B_OFF: usize = PIRHO_EXPAND_ROT_E_OFF + PIRHO_EXPAND_ROT_E_LEN;
61pub const CHI_SHIFTS_B_LEN: usize = SHIFTS_LEN;
62pub const CHI_SHIFTS_SUM_OFF: usize = CHI_SHIFTS_B_OFF + CHI_SHIFTS_B_LEN;
63pub const CHI_SHIFTS_SUM_LEN: usize = SHIFTS_LEN;
64pub const IOTA_STATE_G_OFF: usize = 0;
65pub const IOTA_STATE_G_LEN: usize = STATE_LEN;
66// SPONGE INDICES
67pub const SPONGE_OLD_STATE_OFF: usize = 0;
68pub const SPONGE_OLD_STATE_LEN: usize = STATE_LEN;
69pub const SPONGE_NEW_STATE_OFF: usize = SPONGE_OLD_STATE_OFF + SPONGE_OLD_STATE_LEN;
70pub const SPONGE_NEW_STATE_LEN: usize = STATE_LEN;
71pub const SPONGE_NEW_BLOCK_OFF: usize = SPONGE_NEW_STATE_OFF;
72pub const SPONGE_NEW_BLOCK_LEN: usize = 68;
73pub const SPONGE_ZEROS_OFF: usize = SPONGE_NEW_BLOCK_OFF + SPONGE_NEW_BLOCK_LEN;
74pub const SPONGE_ZEROS_LEN: usize = STATE_LEN - SPONGE_NEW_BLOCK_LEN;
75pub const SPONGE_BYTES_OFF: usize = SPONGE_NEW_STATE_OFF + SPONGE_NEW_STATE_LEN;
76pub const SPONGE_BYTES_LEN: usize = 2 * STATE_LEN;
77pub const SPONGE_SHIFTS_OFF: usize = SPONGE_BYTES_OFF + SPONGE_BYTES_LEN;
78pub const SPONGE_SHIFTS_LEN: usize = SHIFTS_LEN;
79pub const SPONGE_XOR_STATE_OFF: usize = 0;
80pub const SPONGE_XOR_STATE_LEN: usize = STATE_LEN;
81
82/// The number of columns the Sponge circuit uses.
83pub const SPONGE_COLS: usize = SPONGE_SHIFTS_OFF + SPONGE_SHIFTS_LEN;