Owner: @Mehmet

Reviewers: 🟢@Hong-Sheng Zhou 🟢@Thomas Lavaur 🟢@Álvaro Castro-Castilla 🟢@Daniel Sanchez Quiros

Introduction

Nomos relies on a variety of cryptographic primitives to ensure security, privacy, and verifiability across its components. This document defines the common cryptographic building blocks used throughout the Nomos design.

Its primary purpose is to standardize the selection and usage of these primitives, provide rationale for each choice, and establish consistency across implementations. It also offers guidance for developers and researchers working on different parts of the system so that all components rely on a coherent and interoperable cryptographic foundation.

Overview

This document specifies the cryptographic primitives selected for Nomos and explains how they interconnect across different layers of the protocol stack. It outlines their technical foundations, rationale, and security considerations to ensure consistent usage across Nomos components.

The primitives span multiple domains:

Hash functions (Poseidon2, BLAKE2b) serve as the base layer for commitments, nullifier derivation, Merkle trees, signature key derivation and general purpose hashing.
Signature schemes (EdDSA, ZkSignature) authenticate messages and participants, with ZkSignature designed specifically for efficient verification within zero-knowledge circuits.
Proof systems (Groth16) enable succinct and verifiable computation. Groth16 is used in hand-written circuits.

Each primitive is chosen for its suitability in a particular context, balancing efficiency, cryptographic strength, and developer usability.

The table below summarizes the recommended component for each context:

Context	Recommended Component
ZK Circuits Hashing	Poseidon2
General Hashing	BLAKE2b
General Signatures	EdDSA
ZK Signatures	ZkSignature (Nomos Specification)
Proof System (SNARK)	Groth16

1. Hash Functions

Nomos utilizes different hash functions depending on the use case context—primarily distinguishing between zero-knowledge circuit contexts and general usage scenarios. Nomos selects hash functions based on their performance characteristics: Poseidon2 for arithmetic-oriented handwritten circuits, and traditional hash functions for bit-oriented operations in ZkVM and general computations.

Poseidon2 (ZK Friendly Hash Function)

Description:

Poseidon2 is a cryptographic hash function designed specifically for arithmetic circuits, frequently used in zero-knowledge proofs. It follows the HADES permutation construction, consisting of multiple rounds of full and partial substitution-box (S-box) applications separated by linear layers.

Technical Details: