Hash Functions - Reinforced Concrete, Poseidon and Monolith

This forum thread is for discussion leading up to and following November’s IFT ZK Call.


SHA-2 and Keccak are often the first hash functions that come to one’s mind. However, in recent years, new hash functions have gained popularity. Hash functions such as Reinforced Concrete and Poseidon (and its successor Poseidon2) were designed with arithmetic circuits in mind.

Traditional hash functions were designed with two main priorities: security and evaluation efficiency. Unfortunately, traditional hash functions become a bottleneck for incremental verification due to the number of constraints that are required. Reinforced Concrete and Poseidon were designed with this in mind. Such hash functions are called SNARK-friendly.

Reinforced Concrete uses Poseidon’s design strategy. Specifically, Reinforced Concrete and Poseidon use two different rounds to protect them from statisical attacks and algebraic attacks. Reinforced Concrete is 5 times faster than Poseidon. Table 2 in Reinforced Concrete’s paper (eprint 2021/1038) provides a comparison benchmark between Reinforced Concrete and a variety of hash functions (including Poseidon).

How does Reinforced Concrete achieve this? By use of lookup tables and by replacing field multiplication with modular reductions.

Monolith offers improved performance over Poseidon and Reinforced Concrete. Monolith uses lookup arguments with simple CPU instructions. This allows for Monolith to be parallelizable and runs in constant-time. Monolith is protected against side-channel attacks due to its ability to be evaluated in constant-time.

In the paper for Monolith (eprint 2023/1025):

The performance given for Reinforced Concrete in Monolith’s table is only an estimate. This is due to the implementation used for Reinforced Concrete to be unoptimized. Based on Reinforced Concrete’s paper claim, I would expect that Reinforced Concrete would evaluate sponge for p = 2^{64}-2^{32}+1 in \approx 660 ns. It is unclear why Monolith’s team did not test Reinforced Concrete in this case (and p = 2^{31}-1).

Reinforced Concrete does not appear to have gained traction in the community that Poseidon/Poseidon2 has. Additionally, Monolith appears to be a promising hash function which may seem wider adoption.