Calculate the hash of any input for ZK-Friendly hashes (MiMC & Poseidon) over a variety of Elliptic Curves (BN-128 (Babyjubjub prime), Vesta, & Pallas). Website here.
Certain operations over a finite field within a ZK-SNARK are much cheaper than others. Notably, addition & multiplication are cheap relative to other operations. Traditional hashes such as SHA-256 use non-addition/multiplication operations that make them expensive to use within a SNARK. A series of "ZK-Friendly" hashes (including MiMC and Poseidon) using only the addition & multiplication operations have been created to allow us to use secure hash functions within circuits while keeping circuit sizes reasonable.
Due to the novelty of these hash functions, there are no readily available web applications that allow you to evaluate the MiMC and Poseidon hash functions on some input over an elliptic curve. This web app utility allows for the computation of MiMC over the BN-128 Curve (with the Babyjubjub prime), and the pasta-curves Vesta & Pallas. The Poseidon hash function can also be computed over the BN-128 curve. This utility accepts numbers, vector, and matrices. It works on matrices up to 50 dimensions and traverses them in row-major order when generating the hash.
The original motivation for this website was to serve as a utility while developing Circom Circuits. The generated hash values are meant to align with values generated by the hash functions in Circomlib.
This can be extended to support many more elliptic curves & hash functions. Currently, MiMC only allows for iterations up to 220, and this restriction is due to the fact that we only generated constants for 220 rounds. More constants can be generated to allow for more iterations. Poseidon currently only works over BN-128 – the appropriate constants can be generated to use Poseidon over any other elliptic curve.
The MiMC implementation was modified from the DarkForest's team implementation. The Poseidon implementation is modified from Iden3's implementation.
While the outputs of these hash functions have been verified against a series of Circom Circuit outputs (including negative numbers, overflows, & multi-dimensional matrices), there is a possibility of a bug.