Hashing, SMT & Crypto Changes
SMT leaf hashing now mixes a Poseidon2 leaf-domain separator into the capacity word, and miden-crypto bumped to 0.25. These are digest-changing: persisted SMT roots, leaf digests, and PartialSmt values from earlier versions do not round-trip.
SMT leaf hashing switched to Poseidon2 domain separation
Summary
The core library's Sparse Merkle Tree leaf hashing (miden::core collections::smt) now mixes a leaf‑domain separator into the Poseidon2 capacity word, so MASM‑side leaf digests match SmtLeaf::hash() in miden-crypto. Leaf preimages are hashed with poseidon2::merge_in_domain using LEAF_DOMAIN = 0x13af. This is a digest‑changing change: any SMT leaf digest, SMT root, or advice‑map key derived from MASM‑side leaf hashing under 0.22 will not reproduce under 0.23. It pairs with the miden-crypto 0.25 bump.
Affected Code
MASM (core‑lib collections::smt, simplified):
- exec.poseidon2::merge assert_eqw
+ push.LEAF_DOMAIN exec.poseidon2::merge_in_domain assert_eqw
The per‑leaf cycle cost also changed (the pair_count coefficient went from 3 to 6), so any hard‑coded cycle‑count expectations around smt::get / smt::set need updating.
Migration Steps
- Re‑derive every persisted SMT root, leaf digest, and advice‑map key computed from a MASM‑side SMT leaf hash under
0.22. - If you compute SMT leaf digests in Rust via
miden-crypto, upgrade to0.25so both sides agree. - Discard cached proofs / transaction artifacts whose witnesses depend on the old leaf hashing.
miden-crypto 0.25 downstream renames
Summary
Bumping to miden-crypto 0.25 (and miden-vm 0.23) surfaces several renames in code that builds against the protocol crates directly:
Felt::new(n)call sites that want the previous (non‑reducing) behaviour are nowFelt::new_unchecked(n)(Felt::newnow reduces modulo the field).- The ECDSA secret key type
ecdsa_k256_keccak::SecretKeyis renamedSigningKey; the EdDSA/X25519 keyeddsa_25519_sha512::SecretKeyisKeyExchangeKey. Falcon'sfalcon512_poseidon2::SecretKeyis unchanged. - The kernel's
EMPTY_SMT_ROOTconstant was recomputed for the Plonky3‑aligned Poseidon2 and the domain‑separatedSmtLeaf::hash— any hard‑coded SMT‑root literal changes. - In kernel/standards MASM, the immediate form of
adv_pushwas dropped and cross‑module‑referenced MASM constants/procedures must be markedpub.
Affected Code
- let f = Felt::new(value);
- use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SecretKey;
- use miden_protocol::crypto::dsa::eddsa_25519_sha512::SecretKey as EdSecretKey;
+ let f = Felt::new_unchecked(value);
+ use miden_protocol::crypto::dsa::ecdsa_k256_keccak::SigningKey;
+ use miden_protocol::crypto::dsa::eddsa_25519_sha512::KeyExchangeKey;
Migration Steps
- Replace
Felt::new(...)withFelt::new_unchecked(...)where you relied on the non‑reducing constructor. - Rename
ecdsa_k256_keccak::SecretKey→SigningKeyandeddsa_25519_sha512::SecretKey→KeyExchangeKey. - Mark any cross‑module‑referenced MASM constants/procedures
pub, and regenerate hard‑codedEMPTY_SMT_ROOT/ SMT‑root literals.
PartialSmt serialization changed
Summary
In miden-crypto 0.25 the serialized byte layout of PartialSmt changed. Old serialized PartialSmt values are not compatible with 0.25 and will not deserialize correctly.
Migration Steps
- Discard any
PartialSmtvalues serialized under an earliermiden-crypto. - Rebuild them from current state, or re‑fetch them under
0.25.
Custom LargeSmt storage backends: reads move to SmtStorageReader
Summary
Custom LargeSmt storage backends need a small trait update: reads moved to a dedicated SmtStorageReader. Writable storage still implements SmtStorage, but now also sets an associated type Reader and returns a point‑in‑time reader via reader(). Read operations go through SmtStorageReader rather than the writable SmtStorage directly.
Migration Steps
- Keep your writable backend implementing
SmtStorage, and add the associatedtype Readerplus areader()method that returns a point‑in‑timeSmtStorageReader. - Move read operations onto the
SmtStorageReaderreturned byreader().
Direct miden-crypto 0.24 API breaks
Summary
For the rare consumers that depend on miden-crypto directly, the 0.24 step carries a few additional API breaks:
- The
WORD_SIZE,WORD_SIZE_FELTS, andWORD_SIZE_BYTESconstants moved toWord::NUM_ELEMENTS/Word::SERIALIZED_SIZE. LexicographicWordis now justWord.Feltno longer derefs.- Custom multi‑AIR prover/verifier code must handle
StarkProoflog trace heights andair_order.
Migration Steps
- Replace
WORD_SIZE/WORD_SIZE_FELTSwithWord::NUM_ELEMENTSandWORD_SIZE_BYTESwithWord::SERIALIZED_SIZE. - Replace
LexicographicWordwithWord. - Remove any reliance on
Felt'sDeref; access the inner value explicitly. - If you maintain custom multi‑AIR prover/verifier code, update it to handle
StarkProoflog trace heights andair_order.