Pedersen Hash Function
HH
is a Pedersen hash on two field elements,
(a,b)(a, b)
represented as
252252
-bit integers, defined as follows:
H(a,b)=[P0+alowP1+ahighP2+blowP3+bhighP4]xH(a, b) = [P_0 + a_{\text{low}} \cdot P_1 + a_{\text{high}} \cdot P_2 + b_{\text{low}} \cdot P_3 + b_{\text{high}} \cdot P_4]_x
where
alowa_{\text{low}}
is the
248248
low bits of
aa
,
ahigha_{\text{high}}
is the
44
high bits of
aa
(and similarly for
bb
).
[P]x[P]_x
denotes the
xx
-coordinate of an elliptic-curve point
PP
.
P0,P1,P2,P3,P4P_0, P_1, P_2, P_3, P_4
are constant points on the elliptic curve, derived from the decimal digits of
π\pi
. The shift point
P0P_0
was added for technical reasons to make sure the point at infinity on the elliptic curve does not appear during the computation. You can check the python and javascript reference implementation of this function.

Constant Points

P0=(2089986280348253421170679821480865132823066470938446095505822317253594081284,1713931329540660377023406109199410414810705867260802078187082345529207694986)\begin{split}P_0 = (2089986280348253421170679821480865132823066470938446095505822317253594081284, \\ 1713931329540660377023406109199410414810705867260802078187082345529207694986)\end{split}
P1=(996781205833008774514500082376783249102396023663454813447423147977397232763,1668503676786377725805489344771023921079126552019160156920634619255970485781)\begin{split}P_1 = (996781205833008774514500082376783249102396023663454813447423147977397232763, \\ 1668503676786377725805489344771023921079126552019160156920634619255970485781)\end{split}
P2=(2251563274489750535117886426533222435294046428347329203627021249169616184184,1798716007562728905295480679789526322175868328062420237419143593021674992973)\begin{split}P_2 = (2251563274489750535117886426533222435294046428347329203627021249169616184184, \\ 1798716007562728905295480679789526322175868328062420237419143593021674992973)\end{split}
P4=(2379962749567351885752724891227938183011949129833673362440656643086021394946,776496453633298175483985398648758586525933812536653089401905292063708816422)\begin{split}P_4 = (2379962749567351885752724891227938183011949129833673362440656643086021394946, \\ 776496453633298175483985398648758586525933812536653089401905292063708816422)\end{split}
Last modified 4mo ago
Copy link