Cryptographic operations

Miden assembly provides a set of instructions for performing common cryptographic operations. These instructions are listed in the table below.

Hashing and Merkle trees¶

Rescue-Prime Optimized is the native hash function of Miden VM. The parameters of the hash function were chosen to provide 128-bit security level against preimage and collision attacks. The function operates over a state of 12 field elements, and requires 7 rounds for a single permutation. However, due to its special status within the VM, computing Rescue Prime Optimized hashes can be done very efficiently. For example, applying a permutation of the hash function can be done in a single VM cycle.

Instruction	Stack_input	Stack_output	Notes
hash - (20 cycles)	[A, …]	[B, …]	${B} \leftarrow h a s h (A)$ where, $h a s h ()$ computes a 1-to-1 Rescue Prime Optimized hash.
hperm - (1 cycle)	[C, B, A, …]	[F, E, D, …]	${D, E, F} \leftarrow p e r m u t e (A, B, C)$ Performs a Rescue Prime Optimized permutation on the top 3 words of the operand stack, where the top 2 words elements are the rate (words C and B), the deepest word is the capacity (word A), the digest output is the word E.
hmerge - (16 cycles)	[B, A, …]	[C, …]	$C \leftarrow h a s h (A, B)$ where, $h a s h ()$ computes a 2-to-1 Rescue Prime Optimized hash.
mtree_get - (9 cycles)	[d, i, R, …]	[V, R, …]	Fetches the node value from the advice provider and runs a verification equivalent to `mtree_verify`, returning the value if succeeded.
mtree_set - (29 cycles)	[d, i, R, V’, …]	[V, R’, …]	Updates a node in the Merkle tree with root $R$ at depth $d$ and index $i$ to value $V^{'}$ . $R^{'}$ is the Merkle root of the resulting tree and $V$ is old value of the node. Merkle tree with root $R$ must be present in the advice provider, otherwise execution fails. At the end of the operation the advice provider will contain both Merkle trees.
mtree_merge - (16 cycles)	[R, L, …]	[M, …]	Merges two Merkle trees with the provided roots R (right), L (left) into a new Merkle tree with root M (merged). The input trees are retained in the advice provider.
mtree_verify - (1 cycle)	[V, d, i, R, …]	[V, d, i, R, …]	Verifies that a Merkle tree with root $R$ opens to node $V$ at depth $d$ and index $i$ . Merkle tree with root $R$ must be present in the advice provider, otherwise execution fails.

Last update: January 17, 2024

Authors: avenbreaks