+When the project started, o1js did not have any support for dynamic table lookups. This means that the SBox step within the AES encryption scheme becomes very expensive as we have to either iterate through all values in our SBox array (256 values to lookup x 16 bytes per block x 11 rounds = 45056 lookups for one block encryption ~ 100,000 constraints) or generate SBox values on the fly. AES' sbox uses Rijndael's Finite Field to perform non-linear substitution which we have implemented. This allows us to drop the number of constraints by over a half (~40,000 constraints).
0 commit comments