Welcome to the resource topic for 2025/926
Title:
Polocolo: A ZK-Friendly Hash Function Based on S-boxes Using Power Residues (Full Version)
Authors: Jincheol Ha, Seongha Hwang, Jooyoung Lee, Seungmin Park, Mincheol Son
Abstract:Conventional hash functions are often inefficient in zero-knowledge proof settings, leading to design of several ZK-friendly hash functions. On the other hand, lookup arguments have recently been incorporated into zero-knowledge protocols, allowing for more efficient handling of ``ZK-unfriendly’’ operations, and hence ZK-friendly hash functions based on lookup tables.
In this paper, we propose a new ZK-friendly hash function, dubbed \mathsf{Polocolo}, that employs an S-box constructed using power residues. Our approach reduces the numbers of gates required for table lookups, in particular, when combined with Plonk, allowing one to use such nonlinear layers over multiple rounds. We also propose a new MDS matrix for the linear layer of \mathsf{Polocolo}. In this way, \mathsf{Polocolo} requires fewer Plonk gates compared to the state-of-the-art ZK-friendly hash functions. For example, when t = 8, \mathsf{Polocolo} requires 21\% less Plonk gates compared to Anemoi, which is currently the most efficient ZK-friendly hash function, where t denotes the size of the underlying permutation in blocks of \mathbb F_p. For t = 3, \mathsf{Polocolo} requires 24\% less Plonk gates than Reinforced Concrete, which is one of the recent lookup-based ZK-friendly hash functions.
ePrint: https://eprint.iacr.org/2025/926
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .