From 1b53e3b6939924b2b070ef5ce27f71562fe79bab Mon Sep 17 00:00:00 2001
From: Ahmad Afuni <root@ahmadafuni.com>
Date: Wed, 12 Mar 2025 00:00:27 +1000
Subject: [PATCH] Replace leaf hash function (#129)

---
 src/backends/plonky2/primitives/merkletree.rs | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/backends/plonky2/primitives/merkletree.rs b/src/backends/plonky2/primitives/merkletree.rs
index 67b5820..bcae7ce 100644
--- a/src/backends/plonky2/primitives/merkletree.rs
+++ b/src/backends/plonky2/primitives/merkletree.rs
@@ -171,6 +171,21 @@ impl MerkleTree {
     }
 }
 
+/// Hash function for key-value pairs. Different branch pair hashes to
+/// mitigate fake proofs.
+pub fn kv_hash(key: &Value, value: Option<Value>) -> Hash {
+    value
+        .map(|v| {
+            Hash(
+                PoseidonHash::hash_no_pad(
+                    &[key.0.to_vec(), v.0.to_vec(), vec![GoldilocksField(1)]].concat(),
+                )
+                .elements,
+            )
+        })
+        .unwrap_or(Hash([GoldilocksField(0); 4]))
+}
+
 impl<'a> IntoIterator for &'a MerkleTree {
     type Item = (&'a Value, &'a Value);
     type IntoIter = Iter<'a>;
@@ -231,9 +246,7 @@ impl MerkleProof {
         }
 
         let path = keypath(max_depth, *key)?;
-        let mut h = value
-            .map(|v| Hash(PoseidonHash::hash_no_pad(&[key.0, v.0].concat()).elements))
-            .unwrap_or(Hash([GoldilocksField(0); 4]));
+        let mut h = kv_hash(key, value);
         for (i, sibling) in self.siblings.iter().enumerate().rev() {
             let input: Vec<F> = if path[i] {
                 [sibling.0, h.0].concat()
@@ -493,8 +506,7 @@ impl Leaf {
         })
     }
     fn compute_hash(&mut self) -> Hash {
-        let input: Vec<F> = [self.key.0, self.value.0].concat();
-        let h = Hash(PoseidonHash::hash_no_pad(&input).elements);
+        let h = kv_hash(&self.key, Some(self.value));
         self.hash = Some(h);
         h
     }