Hash function

The protocol is parameterized over a set of hash functions \(h\). For a function \(h\), we denote the output finite field of \(h\) as \(\mathbb{F}_h\). If a function \(h\) is used to derive a component \(x\), we refer to the function as \(h_x\), and the corresponding finite field is denoted \(\mathbb{F}_{h_x}\) or, for simplicity, \(\mathbb{F}_x\).

All \(h_x\) must be:

  • one-way, in that it is not computationally feasible for any agent to compute the preimage from the hash output
  • collision-resistant, in that it is not computationally feasible for any agent to find two different preimages which hash to the same value

Multihashing

We define the function multihash as the concatenation of:

  • a k-bit unsigned integer prefix \(n\)
  • the output of \(h_n\)

Canonical commitments are generated by multihash.
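
The multihash construction above, as an added example that is not part of the original specification: it encodes the prefix \(n\) followed by the output of \(h_n\), and rejects unknown prefixes and digests of the wrong length when parsing. Assumptions: \(k = 8\), a hypothetical registry assigning prefixes 1 and 2 to SHA-256 and BLAKE2b, and digests handled as byte strings rather than as elements of \(\mathbb{F}_h\).

```python
from __future__ import annotations
import hashlib
import hmac

K_BITS = 8  # assumed prefix width k; the page leaves k as a parameter
PREFIX_LEN = K_BITS // 8

# Hypothetical registry (not from the page): prefix n -> (h_n, digest length in bytes).
REGISTRY = {
    1: (lambda m: hashlib.sha256(m).digest(), 32),
    2: (lambda m: hashlib.blake2b(m, digest_size=32).digest(), 32),
}

def multihash(n: int, preimage: bytes) -> bytes:
    """Return the k-bit prefix n concatenated with h_n(preimage)."""
    if n not in REGISTRY:
        raise ValueError(f"unknown hash prefix {n}")
    h_n, _ = REGISTRY[n]
    return n.to_bytes(PREFIX_LEN, "big") + h_n(preimage)

def parse(mh: bytes) -> tuple[int, bytes]:
    """Split a multihash into (n, digest), rejecting malformed input."""
    if len(mh) < PREFIX_LEN:
        raise ValueError("truncated prefix")
    n = int.from_bytes(mh[:PREFIX_LEN], "big")
    if n not in REGISTRY:
        raise ValueError(f"unknown hash prefix {n}")
    digest = mh[PREFIX_LEN:]
    if len(digest) != REGISTRY[n][1]:
        raise ValueError("digest length does not match h_n")
    return n, digest

def verify(mh: bytes, preimage: bytes) -> bool:
    """Recompute with the function the prefix names; compare in constant time."""
    n, _ = parse(mh)
    return hmac.compare_digest(mh, multihash(n, preimage))
```

Because the prefix is part of the compared value, a digest relabelled with a different \(n\) fails verification even when the digest lengths agree.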