
[DO NOT MERGE YET] feat(hashing): Add domain separation in merkle#962

Open
iamrecursion wants to merge 1 commit into next from merkle-domain-sep

Conversation

@iamrecursion
Collaborator

@iamrecursion iamrecursion commented Apr 13, 2026

Describe your changes

This commit adds Poseidon2::hash_elements_in_domain to allow domain-tagging of hash inputs. This new function is then used in the hashing procedure for SmtLeaf, providing domain separation for any client of that type.

Affected downstream data types include Smt, LargeSmt, and LargeSmtForest, all of which use that type.

Note that THIS REQUIRES CHANGES TO THE VM'S CORELIB, as without the procedural changes, the clients of the API and of the VM will get different results.

Closes #860. Filed VM-side issue as 0xMiden/miden-vm#2996.

Checklist before requesting a review

  • Repo forked and branch created from next according to naming convention.
  • Commit messages and codestyle follow conventions.
  • Relevant issues are linked in the PR description.
  • Tests added for new functionality.
  • Documentation/comments updated according to changes.
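Why the leaf hash needs a domain tag, as an added illustration that is not code from this PR or from the miden-crypto crate: with an untagged leaf hash, a single-entry `SmtLeaf` whose key and value words equal the two children of an inner node hashes to exactly the same digest as that node, so the tree cannot tell the two apart. The example models Poseidon2 with SHA-256 over 4-element Goldilocks words (an assumption for this sketch, as is the concrete tag value `LEAF_DOMAIN`), and shows the collision disappearing once the leaf hash absorbs a domain tag.

```python
import hashlib
from typing import Sequence

# Stand-in for Poseidon2 over the Goldilocks field: SHA-256 over the
# little-endian encoding of the inputs, with the domain tag absorbed first.
# Only the Merkle-structure argument matters here, not the permutation itself.
GOLDILOCKS = 2**64 - 2**32 + 1
LEAF_DOMAIN = 1   # constructed tag value; the PR text does not fix a value

def hash_elements_in_domain(elements: Sequence[int], domain: int) -> tuple:
    """Hash a list of field elements under a domain tag; returns a 4-element word."""
    data = domain.to_bytes(8, "little")
    for e in elements:
        data += (e % GOLDILOCKS).to_bytes(8, "little")
    d = hashlib.sha256(data).digest()
    return tuple(int.from_bytes(d[i:i + 8], "little") % GOLDILOCKS
                 for i in range(0, 32, 8))

def hash_elements(elements: Sequence[int]) -> tuple:
    """Undomained hash (domain 0), as used for ordinary element hashing."""
    return hash_elements_in_domain(elements, 0)

def merge(left: tuple, right: tuple) -> tuple:
    """Inner Merkle node: undomained hash of the two 4-element child digests."""
    return hash_elements(list(left) + list(right))

def _flatten(entries):
    # (key word, value word) pairs laid out as a flat element list
    return [e for k, v in entries for e in (*k, *v)]

def smt_leaf_hash_old(entries) -> tuple:
    """SmtLeaf hash before the change: flatten the entries, no domain tag."""
    return hash_elements(_flatten(entries))

def smt_leaf_hash_new(entries) -> tuple:
    """SmtLeaf hash after the change: same input, absorbed under LEAF_DOMAIN."""
    return hash_elements_in_domain(_flatten(entries), LEAF_DOMAIN)

def leaf_collides_with_node(left: tuple, right: tuple, leaf_hash) -> bool:
    """True if a one-entry leaf (key=left, value=right) hashes like merge(left, right)."""
    return leaf_hash([(left, right)]) == merge(left, right)

if __name__ == "__main__":
    l, r = (1, 2, 3, 4), (5, 6, 7, 8)   # constructed child digests
    print("old leaf == node:", leaf_collides_with_node(l, r, smt_leaf_hash_old))
    print("new leaf == node:", leaf_collides_with_node(l, r, smt_leaf_hash_new))
```

Inner nodes keep the untagged `merge`, so only the leaf side changes, which is why the VM's corelib leaf-hashing procedure must change in lockstep to stay consistent with the crate.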

@iamrecursion iamrecursion self-assigned this Apr 13, 2026
@iamrecursion iamrecursion added the hashing Related to hash functions label Apr 13, 2026
@iamrecursion iamrecursion marked this pull request as ready for review April 13, 2026 12:10
@iamrecursion iamrecursion changed the title feat(hashing): Add domain separation in merkle [DO NOT MERGE] feat(hashing): Add domain separation in merkle Apr 13, 2026
@iamrecursion iamrecursion changed the title [DO NOT MERGE] feat(hashing): Add domain separation in merkle [DO NOT MERGE YET] feat(hashing): Add domain separation in merkle Apr 13, 2026
@iamrecursion iamrecursion force-pushed the merkle-domain-sep branch 5 times, most recently from db68126 to fb7150b April 16, 2026 10:42
@bobbinth
Contributor

I would probably split out introduction of the hash_elements_in_domain() into a separate PR as it is independently useful.

@iamrecursion
Collaborator Author

iamrecursion commented Apr 20, 2026

I've opened #978 to encompass just those changes, which this is now rebased on top of.

@iamrecursion iamrecursion changed the base branch from next to hash_elements_in_domain April 20, 2026 11:03
@iamrecursion iamrecursion force-pushed the hash_elements_in_domain branch 2 times, most recently from 4d2d73b to f5702d4 April 20, 2026 11:48
@iamrecursion iamrecursion force-pushed the hash_elements_in_domain branch from f5702d4 to c701b3d April 20, 2026 15:11
Base automatically changed from hash_elements_in_domain to next April 20, 2026 15:21
This commit adds `Poseidon2::hash_elements_in_domain` to allow
domain-tagging of hash inputs. This new function is then used in the
hashing procedure for `SmtLeaf`, providing domain separation for any
client of that type.

Affected downstream data types include `Smt`, `LargeSmt`, and
`LargeSmtForest`, all of which use that type.

Note that THIS REQUIRES CHANGES TO THE CORELIB, as without the
procedural changes, the clients of the API and of the VM will get
different results.
Collaborator

@huitseeker huitseeker left a comment


This LGTM!
VM-side changes need not be concurrent, if this is included in a major release (see inline nit)

Comment thread CHANGELOG.md
- [BREAKING] Split the `SecretKey` type for both ECDSA-k256 and EdDSA-25519 into `SigningKey` and `KeyExchangeKey` to help enforce better practices around key reuse. `SecretKey` is no longer available in the public API; all usages should be moved to one of the new key types ([#965](https://github.com/0xMiden/crypto/pull/965)).
- Reduce repeated history scans in historical `LargeSmtForest::open()` queries ([#971](https://github.com/0xMiden/crypto/pull/971)).
- Added domain-separated hashing support for elements to `AlgebraicSpoonge` as `hash_elements_in_domain(...)`.
- [BREAKING] Changed `SmtLeaf::hash` to perform domain-separated hashing, reducing the risk of a collision with the hash of an inner node. Miden VM **must** be updated to comply with this.
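Review bot: `AlgebraicSpoonge` in the `hash_elements_in_domain(...)` entry is a typo for `AlgebraicSponge`, and that entry is the only one in this block without a PR link, unlike the `#965` and `#971` entries above it; add the link for consistency. The `SmtLeaf::hash` entry should also name the VM-side tracking issue (0xMiden/miden-vm#2996 from the description), since "Miden VM must be updated" is otherwise unactionable for a reader of the changelog.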
Collaborator


Nit: given the breaking nature (and that 0.24 is released) I'd push this in the 0.25 tree.

Successfully merging this pull request may close these issues.

Add domain separation between leaf and internal Merkle tree nodes

3 participants