Paper 2023/1045

The XHash Family for ZK-Friendly Hash Functions

Tomer Ashur
Amit Singh Bhati, 3MI Labs, Leuven, Belgium
Al Kindi, Polygon
Mohammad Mahzoun, 3MI Labs, Leuven, belgium
Léo Perrin, Inria
Sundas Tariq, 3MI Labs and COSIC, KU Leuven, Leuven, Belgium
Abstract

Zero-knowledge proofs are widely used in real-world applications, such as authentication, access control, blockchains, and cryptocurrencies. The underlying hash function is a core element in these zero-knowledge proof systems, and it plays a vital role in its efficiency. While traditional hash functions, such as SHA3 or BLAKE, are efficient on CPU architectures, they perform poorly within proof systems. This is primarily because these systems require functions that operate efficiently over finite fields, without mixing operations from different algebras. To address this challenge, a new paradigm called Arithmetization-Orientation has emerged. These designs are tailored for efficiency within proof systems while providing reliable security guarantees. Several such hash functions have been proposed, many have been successfully targeted by algebraic attacks or fail to provide optimal performances. In this work, we provide a new framework to design such hash functions that prevent these attacks and allow a highly efficient implementation in various proof systems. To this end, we combine the Marvellous design strategy with a new type of S-boxes and propose a new security argument against algebraic attacks that relies on a single well-defined and reasonable conjecture of a novel type. Using these techniques in the framework, we construct four new hash functions, XHash12-Goldilocks, XHash8-Goldilocks, XHash24-M31, and XHash16-M31. These high-performance hash functions are designed for ZK-STARKs and Circle-STARKs.

Note: Two new hash functions are added. Add a new coauthor to the paper.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Zero-knowledgeArithmetization-OrientedHash functionsXHashGoldilocks primeMersenne primeCircle STARKsAlgebraic Attacks
Contact author(s)
tomer @ 3milabs tech
amitsingh bhati @ 3milabs tech
al-kindi-0 @ protonmail com
mairon mahzoun @ 3milabs tech
perrin leo @ gmail com
sundas tariq @ 3milabs tech
History
2026-05-11: last of 6 revisions
2023-07-04: received
See all versions
Short URL
https://ia.cr/2023/1045
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1045,
      author = {Tomer Ashur and Amit Singh Bhati and Al Kindi and Mohammad Mahzoun and Léo Perrin and Sundas Tariq},
      title = {The {XHash} Family for {ZK}-Friendly Hash Functions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1045},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1045}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.