Neptune is a Rust implementation of the Poseidon hash function tuned for Filecoin.
Neptune has been audited by ADBK Consulting and deemed fully compliant with the paper (Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems).
Neptune is specialized to the BLS12-381 curve. Although the API allows for type specialization to other fields, the round numbers, constants, and s-box selection may not be correct. Do not do this.
Hashes of arbitrary arities are generally supported — but secure round numbers have only been calculated for a selection (including especially 2, 4, and 8 — which are explicitly, rather than incidentally, supported). Filecoin Proofs make heavy use of 8-ary merkle trees and merkle inclusion proofs (in SNARKs).
Neptune also supports batch hashing and tree building, which can be performed on a GPU. The underlying GPU
implementation, neptune-triton is implemented in the Futhark
Programming Language. To use neptune-triton
GPU batch hashing, compile neptune
with the
gpu
feature.
Neptune now implements GPU batch hashing in pure OpenCL. The initial implementation is a bit less than 2x faster than
the Futhark implementation, so once stabilized this will likely be the preferred option. The pure OpenCL batch hashing
is provided by the internal proteus
module. To use proteus
, compile neptune
with the opencl
feature.
The gpu
and opencl
features are mutually exclusive.
At the time of the 1.0.0 release, Neptune on RTX 2080Ti GPU can build 8-ary Merkle trees for 4GiB of input in 16 seconds.
NEPTUNE_DEFAULT_GPU=<bus-id>
allows you to select the default GPU that tree-builder is going to run on given its bus-id.
(Bus-id is a decimal integer that can be found through nvidia-smi
, rocm-smi
, lspci
and etc.)
The following are likely areas of future work:
- Support for multiple GPUs.
- Support domain separation tag.
- Improve throughput (?) by using OpenCL directly.
Neptune was originally bootstrapped from Dusk's reference implementation.
MIT or Apache 2.0