MiMC Sponge Hasher implementation in Sophia?


@marco.chain I would like to know whether there is any MiMC Sponge hasher function implementation in Sophia? Or @dimitar.chain, what hash function would you suggest, if not the above, for my ZK-SNARK bounty…

Kind Regards,



Not sure what exactly you are asking for, but you need to rely on the BLS12_381 curve in order to achieve what you are aiming for.

Maybe this resource helps a bit:


Thanks for sharing Marco, I read it and tried my best to learn more from it, as I am currently learning as well.

However, to create a Merkle tree the values are required to be hashed in a certain fashion, so that is what I was referring to.



It's not the part I have the best knowledge in :smiley:, so I am not the right person to help you out. But of course you need to fully understand what you need in order to achieve private transactions on aeternity.

For all the Sophia-unrelated off-chain logic you need, you will probably have to re-use existing tooling (of others) or build something from scratch.


@marco.chain @hanssv.chain @dimitar.chain it is actually something implemented in Solidity, so I was just asking.

I am not very familiar with the efficiency of hashing functions on chain, so I was asking: if not the above, is it OK if I use any existing one in Sophia, like SHA-256, as circomlib also has it.


Just pointing out the obvious here: SHA-256, Keccak, Blake2, etc. are a completely different family of hash functions compared to MiMC, Pedersen, Poseidon, etc. There are trade-offs to be made.

Regarding implementing hash functions in Sophia, it should be relatively straightforward (it is just integer arithmetic and bit manipulation after all); however, making it as efficient (gas-wise) as Solidity is probably hard, since Sophia/FATE lacks some low-level instructions (MULMOD and bitwise operations) and has a slightly different memory model.

In the next protocol upgrade FATE will be extended with some of this - the memory model remains the same, but MULMOD and bitwise operations are added to the language. And there will also be an additional hash function available, Poseidon hash. See PR #3767 for more information.
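The kind of primitive the thread is asking about, as an added reference model in Python rather than Sophia (not code from the thread, circomlib or aeternity): a MiMC-Feistel permutation with its inverse and a sponge-style 2-to-1 hash over the BLS12-381 scalar field r. The round constants are constructed here from SHA-256 under an arbitrary label, so digests will not match circomlib's; only the 220-round count follows circomlib.

```python
import hashlib

# Scalar-field modulus r of BLS12-381 (the prime quoted later in the thread).
P = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001
ROUNDS = 220   # round count as in circomlib's MiMCFeistel (constants differ, see below)
EXP = 5        # Feistel round function x -> x^5; its inverse is never needed

def round_constants(n: int, label: bytes = b"mimc-feistel-demo") -> list:
    """CONSTRUCTED constants c_0 = 0, c_i = SHA-256(label || i) mod P (not circomlib's)."""
    cs = [0]
    for i in range(1, n):
        digest = hashlib.sha256(label + i.to_bytes(4, "big")).digest()
        cs.append(int.from_bytes(digest, "big") % P)
    return cs

CONSTANTS = round_constants(ROUNDS)

def _f(x: int, k: int, i: int) -> int:
    """Round function: (x + k + c_i)^5 mod P."""
    return pow((x + k + CONSTANTS[i]) % P, EXP, P)

def feistel_permute(xl: int, xr: int, k: int = 0) -> tuple:
    """MiMC-Feistel permutation: every round adds f(x_L) into x_R and swaps the halves,
    except the last round, which only adds (so the state keeps its orientation)."""
    xl, xr = xl % P, xr % P
    for i in range(ROUNDS):
        t = _f(xl, k, i)
        if i < ROUNDS - 1:
            xl, xr = (xr + t) % P, xl
        else:
            xr = (xr + t) % P
    return xl, xr

def feistel_inverse(yl: int, yr: int, k: int = 0) -> tuple:
    """Undo feistel_permute round by round: a Feistel network is invertible for any round function."""
    yl, yr = yl % P, yr % P
    for i in reversed(range(ROUNDS)):
        if i == ROUNDS - 1:
            yr = (yr - _f(yl, k, i)) % P
        else:
            yl, yr = yr, (yl - _f(yr, k, i)) % P
    return yl, yr

def mimc_hash2(left: int, right: int, k: int = 0) -> int:
    """Sponge-style 2-to-1 hash (Merkle-node shape): absorb into x_L, permute, squeeze x_L."""
    xl, xr = 0, 0
    for m in (left, right):
        xl = (xl + m) % P
        xl, xr = feistel_permute(xl, xr, k)
    return xl
```

Because the construction is a Feistel network, a Sophia port needs only field addition and `x^5 mod r`, which is where the missing MULMOD instruction Hans mentions would cost gas.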


Thank you Hans. I understand and will try my best to make it work.


I have a question regarding https://github.com/aeternity/aesophia/blob/47878308619ea52197f9a35b2b924da704cbc544/test/contracts/pairing_crypto.aes

Alpha: [20491192805390485299153009773594534940189261866228447918068658471970481763042,9383485363053290200918347156157836566562967994039712273449902621266178545958]
Beta: [[4252822878758300859123897981450591353533073413197771768651442665752259397132,6375614351688725206403948262868962793625744043794305715222011528459656738731],[21847035105528745403288232691147584728191162732299865338377159692350059136679,10505242626370262277552901082094356697409835680220590971873171140371331206856]]

Gamma: [[11559732032986387107991004021392285783925812861821192530917403151452391805634,10857046999023057135944570762232829481370756359578518086990519993285655852781],[4082367875863433681332203403145435568316851327593401208105741076214120093531,8495653923123431417604973247489272438418190587263600148770280649306958101930]]

Delta: [[5563441545933948488218476494240706057924259789995623756679765101921985839773,14322932008140731863626437644704537772004063670431390131921086482467808925808],[10519417790328391187994375766106885897716047910761289758197540860719091765039,19928495485339881223957653982775976414131926290258541241094287378087674453300]]

Ic[2][2]: [[6819801395408938350212900248749732364821477541620635511814266536599629892365,9092252330033992554755034971584864587974280972948086568597554018278609861372],[17882351432929302592725330552407222299541667716607588771282887857165175611387,18907419617206324833977586007131055763810739835484972981819026406579664278293]]

I have the above values and would like to pass them to the init method, but I am getting an error in Aestudio:

message : "Argument" at position 0 fails because [Value '[[20491192805390485299153009773594534940189261866228447918068658471970481763042,9383485363053290200918347156157836566562967994039712273449902621266178545958]]' at path: [0] not a object]. "Argument" at position 1 fails because [Value '[[[4252822878758300859123897981450591353533073413197771768651442665752259397132,6375614351688725206403948262868962793625744043794305715222011528459656738731],[21847035105528745403288232691147584728191162732299865338377159692350059136679,10505242626370262277552901082094356697409835680220590971873171140371331206856]]]' at path: [1] not a object]. "Argument" at position 2 fails because [Value '[[[11559732032986387107991004021392285783925812861821192530917403151452391805634,10857046999023057135944570762232829481370756359578518086990519993285655852781],[4082367875863433681332203403145435568316851327593401208105741076214120093531,8495653923123431417604973247489272438418190587263600148770280649306958101930]]]' at path: [2] not a object]. "Argument" at position 3 fails because [Value '[[[5563441545933948488218476494240706057924259789995623756679765101921985839773,14322932008140731863626437644704537772004063670431390131921086482467808925808],[10519417790328391187994375766106885897716047910761289758197540860719091765039,19928495485339881223957653982775976414131926290258541241094287378087674453300]]]' at path: [3] not a object]. 
"Argument" at position 4 fails because ["[[[6819801395408938350212900248749732364821477541620635511814266536599629892365,9092252330033992554755034971584864587974280972948086568597554018278609861372],[17882351432929302592725330552407222299541667716607588771282887857165175611387,18907419617206324833977586007131055763810739835484972981819026406579664278293]]]" at position 0 fails because [Value '0' at path: [4,0] not a object], "[[[6819801395408938350212900248749732364821477541620635511814266536599629892365,9092252330033992554755034971584864587974280972948086568597554018278609861372],[17882351432929302592725330552407222299541667716607588771282887857165175611387,18907419617206324833977586007131055763810739835484972981819026406579664278293]]]" at position 1 fails because [Value '1' at path: [4,1] not a object]]

(Assuming either I am not passing it correctly or I am doing this operation incorrectly.) So please clear my doubts.


```sophia
entrypoint init(_a : g1, _b : g2, _c : g2, _d : g2, _ic : list(g1)) =
  vk = {
    a = _a,
    b = _b,
    c = _c,
    d = _d,
    ic = _ic }
```

Best Regards,

Probably a question for @nikitafuchs.chain here


Thanks @ae-omar for pointing it out. It is basically an object not being added to the contract, @nikitafuchs.chain.

For my above response to @hanssv.chain: sorry, I forwarded you the BN254 inputs, not BLS12_381. I am still trying to figure out how to use the current zk-SNARK tooling for my case, but using the BLS12_381 field. I did find that circomlib has the prime field compiled with 73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001, but with snarkjs it is getting some undefined q error, which I think is because q is 2^384. But thank you guys for the help so far.

Best Regards,
