Abdel on Nostr: be me: yesterday I found randomly a paper about 2 Circle STARK friendly hash ...

be me: yesterday I found randomly a paper about 2 Circle STARK friendly hash functions working with Mersenne M31 (RPO-M31 and XHash-M31: Efficient Hash Functions for Circle STARKs by Tomer Ashur1 and Sundas Tariq)

then i was: ohhh wow, looks interesting. then: write a rust implementation

then start thinking: wait, maybe it could be a good candidate for a Circle STARK friendly AND Bitcoin Script friendly hash function

then: start doing analysis and cost estimate

then realise that they would NOT be practical to implement in Bitcoin Script...

It's a pity for this but still it's very interesting hash functions, and the fact that they natively work with M31 is super promising.

Maybe it's worth building a Cairo and Solidity implementation and benchmark the costs. They might be more interesting to use than Poseidon for Circle STARKs M31.

Paper: https://eprint.iacr.org/2024/1635.pdf
Rust repo: https://github.com/AbdelStark/rpo-xhash-m31