-
@ A₿del ∞/21M
2025-04-25 09:42:24
be me: yesterday I found randomly a paper about 2 Circle STARK friendly hash functions working with Mersenne M31 (RPO-M31 and XHash-M31: Efficient Hash Functions for Circle STARKs by Tomer Ashur1 and Sundas Tariq)
then i was: ohhh wow, looks interesting. then: write a rust implementation
then start thinking: wait, maybe it could be a good candidate for a Circle STARK friendly AND Bitcoin Script friendly hash function
then: start doing analysis and cost estimate
then realise that they would NOT be practical to implement in Bitcoin Script...
It's a pity for this but still it's very interesting hash functions, and the fact that they natively work with M31 is super promising.
Maybe it's worth building a Cairo and Solidity implementation and benchmark the costs. They might be more interesting to use than Poseidon for Circle STARKs M31.
Paper: https://eprint.iacr.org/2024/1635.pdf
Rust repo: https://github.com/AbdelStark/rpo-xhash-m31
https://m.primal.net/QchI.jpg