Expression of the Blake3 permutation

Hi there!

I'm working on a Blake3 implemented as a Binius circuit (https://github.com/IrreducibleOSS/binius/pull/16). I'm currently thinking about way of writing a gadget for the Blake3 [permutation](https://github.com/BLAKE3-team/BLAKE3/blob/master/reference_impl/reference_impl.rs#L66). In order to define a proving system (Binius) constraint I need to know the expression the produces equivalent outputs for a given inputs of a [MSG_PERMUTATION](https://github.com/BLAKE3-team/BLAKE3/blob/master/reference_impl/reference_impl.rs#L39) lookup. 

For example the [Rijendael](https://en.wikipedia.org/wiki/Rijndael_S-box) S-Box has following expression (they call it "affine transformation"):


![Image](https://github.com/user-attachments/assets/c5970932-8282-4767-aeea-54e8b57595d8)


This expression can be naturally turned into the proving system constraint. I haven't found such expression in the specification and after some digging and reading several related posts on Math.StackExchange, my understanding on this is that getting similar expression for the S-box defined as a lookup is not a trivial task. Does anyone know such an expression for Blake3 if it ever exists?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expression of the Blake3 permutation #13

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Expression of the Blake3 permutation #13

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions