# Cryptographic Primitives

### 1. Baby Jubjub Elliptic Curve

Baby Jubjub is a twisted Edwards elliptic curve specifically designed for efficient zero-knowledge proof systems. It operates over the prime field **Fr** of the BN254 curve, making it highly compatible with zk-SNARK circuits and the Ethereum ecosystem.

Baby Jubjub is defined by the twisted Edwards equation:

```
ax² + y² = 1 + dx²y²
```

Where:

* **Prime field**: p = 21888242871839275222246405745257275088548364400416034343698204186575808495617

Curve parameters:

* **a** = 168700
* **d** = 168696

For more details, see [circomlib implementation](https://github.com/iden3/circomlib/blob/master/circuits/babyjub.circom).
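The curve equation and parameters above are enough to validate untrusted points before they reach a circuit or a key-derivation step. The following is an added example, not code from circomlib or Hinkal. The function names are hypothetical, the test point is constructed by the script, and the cofactor of 8 is a known property of Baby Jubjub that this page does not state.

```python
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A, D = 168700, 168696  # curve parameters a and d from the page
IDENTITY = (0, 1)      # neutral element of a twisted Edwards curve

def on_curve(pt):
    # Reject non-canonical coordinates, then check a*x^2 + y^2 = 1 + d*x^2*y^2.
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    x2, y2 = x * x % P, y * y % P
    return (A * x2 + y2) % P == (1 + D * x2 * y2) % P

def add(p1, p2):
    # Twisted Edwards addition law; both inputs must have passed on_curve().
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def is_low_order(pt):
    # Assumption: cofactor is 8 = 2^3, so three doublings send small-order points to the identity.
    for _ in range(3):
        pt = add(pt, pt)
    return pt == IDENTITY

def sqrt_mod(n):
    # Tonelli-Shanks square root mod P; returns None when n is not a square.
    if pow(n, (P - 1) // 2, P) != 1:
        return 0 if n % P == 0 else None
    q, s, z = P - 1, 0, 2
    while q % 2 == 0:
        q, s = q // 2, s + 1
    while pow(z, (P - 1) // 2, P) != P - 1:
        z += 1  # search for a quadratic non-residue
    c, t, r = pow(z, q, P), pow(n, q, P), pow(n, (q + 1) // 2, P)
    while t != 1:
        i = next(j for j in range(1, s) if pow(t, 1 << j, P) == 1)
        b = pow(c, 1 << (s - i - 1), P)
        s, c, t, r = i, b * b % P, t * b * b % P, r * b % P
    return r

def sample_point():
    # Constructed test point: smallest x >= 1 where y^2 = (1 - a*x^2)/(1 - d*x^2) is a square.
    for x in range(1, P):
        y = sqrt_mod((1 - A * x * x) * pow(1 - D * x * x, -1, P) % P)
        if y is not None:
            return (x, y)
```

The point `(0, P - 1)` satisfies the curve equation yet has order 2, which is why an on-curve check alone is not sufficient validation for points received from outside.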

### 2. Poseidon Hash Function

Poseidon is a cryptographic hash function specifically designed for zero-knowledge proof systems. It provides significant efficiency improvements over traditional hash functions like SHA-256 when used in arithmetic circuits.

Poseidon operates directly over prime fields, eliminating the need for expensive bit operations in zk-SNARK circuits:

* Field Operations: Uses only addition and multiplication in **Fr**
* No Bit Manipulation: Avoids costly binary operations
* Constraint Efficiency: Requires significantly fewer R1CS constraints

**Parameters for BN254 Field**

* **Field Prime**: Same as Baby Jubjub (p = 21888242871839275222246405745257275088548364400416034343698204186575808495617)

**Round Function**

Each Poseidon round consists of three operations:

1. **AddRoundConstants**: `state[i] = state[i] + roundConstant[i]`
2. **SubWords** (S-box): `state[i] = state[i]^5`
3. **MixLayer**: Linear transformation using MDS matrix

For more details, see [circomlib parameters of Poseidon](https://github.com/iden3/circomlib/blob/master/circuits/poseidon_constants.circom).

### 3. zk-SNARK (Groth16)

Hinkal’s privacy logic is expressed as Circom circuits compiled to R1CS and proven with Groth16 over the BN254 field. Groth16 provides constant-size proofs and fast on-chain verification, making it a practical choice for Ethereum.

**Arithmetization**

* Field: **Fr** of BN254 (same prime p as above).
* Model: Rank-1 Constraint System (R1CS).
* Libraries: Circom 2.x with circomlib primitives (Baby Jubjub operations, Poseidon hash, Merkle path gadgets).

**Trusted Setup** (two-phase; Phase 1 from Polygon)

* Phase 1 (universal “Powers of Tau”): We reuse [Polygon Hermez’s first-stage](https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_21.ptau) trusted setup as the universal CRS (Common Reference String). This stage is circuit-agnostic and need not be rerun when circuits change.
* Phase 2 (circuit-specific): Starting from the Phase-1 CRS, we run a per-circuit setup to derive the proving key (pk) and verifying key (vk). Any circuit change requires redoing Phase 2 only; the on-chain verifier uses the fixed vk.


