

feat: Use poseidon for structs hashing (#7383)
Use poseidon2 instead of pedersen for hashing structs in the protocol
sirasistant authored Aug 2, 2024
1 parent 832b86e commit 71acc4e
Showing 95 changed files with 440 additions and 381 deletions.
10 changes: 5 additions & 5 deletions l1-contracts/src/core/libraries/ConstantsGen.sol
Expand Up @@ -124,15 +124,15 @@ library Constants {
uint256 internal constant L2_GAS_PER_NOTE_HASH = 32;
uint256 internal constant L2_GAS_PER_NULLIFIER = 64;
uint256 internal constant CANONICAL_KEY_REGISTRY_ADDRESS =
2153455745675440165069577621832684870696142028027528497509357256345838682961;
1846248480517165521743643626257274710444505994181338106189373716137867887031;
uint256 internal constant CANONICAL_AUTH_REGISTRY_ADDRESS =
18091885756106795278141309801070173692350235742979924147720536894670507925831;
291851909807592677788453151491906806151300647123080163180507453297558628774;
uint256 internal constant DEPLOYER_CONTRACT_ADDRESS =
19511485909966796736993840362353440247573331327062358513665772226446629198132;
9256947041321027089533495832830405543710101516429552788062967841445602134030;
uint256 internal constant REGISTERER_CONTRACT_ADDRESS =
13402924717071282069537366635406026232165444473509746327951838324587448220160;
867409746588255642605883457564767101821478729272763062990600291025697803994;
uint256 internal constant GAS_TOKEN_ADDRESS =
3159976153131520272419617514531889581796079438158800470341967144801191524489;
8777298866013239306861859762114222884687709421566494727011568767822269644915;
uint256 internal constant AZTEC_ADDRESS_LENGTH = 1;
uint256 internal constant GAS_FEES_LENGTH = 2;
uint256 internal constant GAS_LENGTH = 2;
19 changes: 12 additions & 7 deletions noir-projects/aztec-nr/address-note/src/address_note.nr
@@ -1,5 +1,8 @@
use dep::aztec::{
protocol_types::{address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER, hash::poseidon2_hash},
protocol_types::{
address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER,
hash::poseidon2_hash_with_separator
},
note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
oracle::unsafe_rand::unsafe_rand, keys::getters::get_nsk_app, context::PrivateContext
};
Expand All @@ -23,22 +26,24 @@ impl NoteInterface<ADDRESS_NOTE_LEN, ADDRESS_NOTE_BYTES_LEN> for AddressNote {
fn compute_note_hash_and_nullifier(self, context: &mut PrivateContext) -> (Field, Field) {
let note_hash_for_nullify = compute_note_hash_for_consumption(self);
let secret = context.request_nsk_app(self.npk_m_hash);
let nullifier = poseidon2_hash([
let nullifier = poseidon2_hash_with_separator([
note_hash_for_nullify,
secret,
secret
],
GENERATOR_INDEX__NOTE_NULLIFIER as Field,
]);
);
(note_hash_for_nullify, nullifier)
}

fn compute_note_hash_and_nullifier_without_context(self) -> (Field, Field) {
let note_hash_for_nullify = compute_note_hash_for_consumption(self);
let secret = get_nsk_app(self.npk_m_hash);
let nullifier = poseidon2_hash([
let nullifier = poseidon2_hash_with_separator([
note_hash_for_nullify,
secret,
secret
],
GENERATOR_INDEX__NOTE_NULLIFIER as Field,
]);
);
(note_hash_for_nullify, nullifier)
}
}
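Review bot: The nullifier preimage built in `compute_note_hash_and_nullifier` is duplicated verbatim in `compute_note_hash_and_nullifier_without_context`, with only the source of `secret` differing, and this commit had to edit both copies in lockstep. A private helper such as `fn compute_nullifier(note_hash_for_nullify: Field, secret: Field) -> Field { poseidon2_hash_with_separator([note_hash_for_nullify, secret], GENERATOR_INDEX__NOTE_NULLIFIER as Field) }` called from both would keep the two preimages from drifting apart on the next change. The separator is passed as `GENERATOR_INDEX__NOTE_NULLIFIER as Field` here but without the cast in auth.nr and hash.nr; if `poseidon2_hash_with_separator` accepts both, the cast is redundant and one form should be used throughout. The `impl NoteInterface` block starts before the hunk.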
8 changes: 4 additions & 4 deletions noir-projects/aztec-nr/authwit/src/auth.nr
Expand Up @@ -4,7 +4,7 @@ use dep::aztec::protocol_types::{
GENERATOR_INDEX__AUTHWIT_INNER, GENERATOR_INDEX__AUTHWIT_OUTER, GENERATOR_INDEX__AUTHWIT_NULLIFIER,
CANONICAL_AUTH_REGISTRY_ADDRESS
},
hash::pedersen_hash
hash::poseidon2_hash_with_separator
};
use dep::aztec::{prelude::Deserialize, context::{PrivateContext, PublicContext, gas::GasOpts}, hash::hash_args_array};

Expand Down Expand Up @@ -308,7 +308,7 @@ pub fn compute_authwit_message_hash_from_call<let N: u32>(
* @param args The arguments to hash
*/
pub fn compute_inner_authwit_hash<let N: u32>(args: [Field; N]) -> Field {
pedersen_hash(args, GENERATOR_INDEX__AUTHWIT_INNER)
poseidon2_hash_with_separator(args, GENERATOR_INDEX__AUTHWIT_INNER)
}

/**
Expand All @@ -320,7 +320,7 @@ pub fn compute_inner_authwit_hash<let N: u32>(args: [Field; N]) -> Field {
* @param inner_hash The hash of the message to authorize
*/
pub fn compute_authwit_nullifier(on_behalf_of: AztecAddress, inner_hash: Field) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[on_behalf_of.to_field(), inner_hash],
GENERATOR_INDEX__AUTHWIT_NULLIFIER
)
Expand All @@ -335,7 +335,7 @@ pub fn compute_authwit_nullifier(on_behalf_of: AztecAddress, inner_hash: Field)
* @param inner_hash The hash of the "inner" message that is being consumed
*/
pub fn compute_authwit_message_hash(consumer: AztecAddress, chain_id: Field, version: Field, inner_hash: Field) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[
consumer.to_field(),
chain_id,
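Review bot: `compute_inner_authwit_hash`, `compute_authwit_nullifier` and `compute_authwit_message_hash` now bind their preimages with poseidon2 and a generator-index separator, but their doc comments do not say so, and any off-circuit code that creates or checks authwits has to reproduce exactly this hash and separator or every authwit will be rejected. I would add a `@dev` line to each, e.g. `* @dev Computed as poseidon2_hash_with_separator(fields, GENERATOR_INDEX__AUTHWIT_INNER); off-circuit producers must use the same hash and separator.`, with the matching generator index for the other two. The same documentation gap is in `AppPayload::hash` and `FeePayload::hash` in the entrypoint files, `compute_secret_hash` and `compute_message_nullifier` in aztec/src/hash.nr, and `compute_initialization_hash` in initializer.nr. `compute_authwit_message_hash` continues past the end of its hunk.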
7 changes: 5 additions & 2 deletions noir-projects/aztec-nr/authwit/src/entrypoint/app.nr
@@ -1,5 +1,8 @@
use dep::aztec::prelude::PrivateContext;
use dep::aztec::protocol_types::{constants::GENERATOR_INDEX__SIGNATURE_PAYLOAD, hash::pedersen_hash, traits::{Hash, Serialize}};
use dep::aztec::protocol_types::{
constants::GENERATOR_INDEX__SIGNATURE_PAYLOAD, hash::poseidon2_hash_with_separator,
traits::{Hash, Serialize}
};

use crate::entrypoint::function_call::{FunctionCall, FUNCTION_CALL_SIZE_IN_BYTES};

Expand Down Expand Up @@ -32,7 +35,7 @@ impl Serialize<APP_PAYLOAD_SIZE> for AppPayload {

impl Hash for AppPayload {
fn hash(self) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
self.serialize(),
GENERATOR_INDEX__SIGNATURE_PAYLOAD
)
7 changes: 5 additions & 2 deletions noir-projects/aztec-nr/authwit/src/entrypoint/fee.nr
@@ -1,5 +1,8 @@
use dep::aztec::prelude::PrivateContext;
use dep::aztec::protocol_types::{constants::GENERATOR_INDEX__FEE_PAYLOAD, hash::pedersen_hash, traits::{Hash, Serialize}};
use dep::aztec::protocol_types::{
constants::GENERATOR_INDEX__FEE_PAYLOAD, hash::poseidon2_hash_with_separator,
traits::{Hash, Serialize}
};
use crate::entrypoint::function_call::FunctionCall;

// 2 * 5 (FUNCTION_CALL_SIZE) + 2
Expand Down Expand Up @@ -33,7 +36,7 @@ impl Serialize<FEE_PAYLOAD_SIZE> for FeePayload {

impl Hash for FeePayload {
fn hash(self) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
self.serialize(),
GENERATOR_INDEX__FEE_PAYLOAD
)
12 changes: 5 additions & 7 deletions noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr
@@ -1,6 +1,6 @@
use dep::protocol_types::{
address::AztecAddress, scalar::Scalar, point::Point, constants::GENERATOR_INDEX__SYMMETRIC_KEY,
hash::poseidon2_hash
hash::poseidon2_hash_with_separator
};
use std::aes128::aes128_encrypt;

Expand Down Expand Up @@ -41,11 +41,9 @@ impl EncryptedLogOutgoingBody {
}

// We compute the symmetric key using poseidon.
let full_key: [u8; 32] = poseidon2_hash(
[
ovsk_app.hi, ovsk_app.lo, eph_pk.x, eph_pk.y,
let full_key: [u8; 32] = poseidon2_hash_with_separator(
[ovsk_app.hi, ovsk_app.lo, eph_pk.x, eph_pk.y],
GENERATOR_INDEX__SYMMETRIC_KEY as Field
]
).to_be_bytes(32).as_array();

let mut sym_key = [0; 16];
Expand All @@ -63,7 +61,7 @@ mod test {
use crate::encrypted_logs::outgoing_body::EncryptedLogOutgoingBody;
use dep::protocol_types::{
address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER,
scalar::Scalar, point::Point, hash::poseidon2_hash
scalar::Scalar, point::Point, hash::poseidon2_hash_with_separator
};
use std::embedded_curve_ops::fixed_base_scalar_mul as derive_public_key;

Expand Down Expand Up @@ -96,7 +94,7 @@ mod test {
// The following value was generated by `encrypted_log_outgoing_body.test.ts`
// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
let outgoing_body_ciphertext_from_typescript = [
126, 10, 214, 39, 130, 143, 96, 143, 79, 143, 22, 36, 55, 41, 234, 255, 226, 26, 138, 236, 91, 188, 204, 216, 172, 133, 134, 69, 161, 237, 134, 5, 75, 192, 10, 6, 229, 54, 194, 56, 103, 243, 57, 248, 147, 237, 4, 3, 39, 28, 226, 30, 237, 228, 212, 115, 246, 244, 105, 39, 129, 119, 126, 207, 176, 14, 75, 134, 241, 23, 2, 187, 239, 86, 47, 56, 239, 20, 92, 176, 70, 12, 219, 226, 150, 70, 192, 43, 125, 53, 230, 153, 135, 228, 210, 197, 227, 106, 242, 138, 119, 83, 182, 150, 233, 111, 9, 104, 128, 222, 85, 136, 205, 244, 77, 230, 210, 217, 223, 106, 220, 4, 115, 33, 157, 212, 217, 133, 87, 179, 67, 158, 81, 85, 226, 105, 22, 8, 154, 130, 193, 214, 144, 212
127, 182, 227, 75, 192, 197, 54, 47, 168, 134, 233, 148, 251, 46, 86, 12, 73, 50, 238, 50, 31, 174, 27, 202, 110, 77, 161, 197, 244, 124, 17, 100, 143, 150, 232, 14, 156, 248, 43, 177, 16, 82, 244, 103, 88, 74, 84, 200, 15, 65, 187, 14, 163, 60, 91, 22, 104, 31, 211, 190, 124, 121, 79, 92, 239, 65, 185, 106, 51, 178, 168, 137, 84, 43, 79, 158, 151, 152, 83, 42, 170, 13, 106, 209, 254, 74, 39, 145, 73, 215, 17, 234, 196, 89, 30, 58, 120, 127, 88, 69, 121, 61, 18, 206, 89, 118, 243, 238, 177, 71, 73, 47, 147, 4, 155, 25, 173, 248, 206, 52, 17, 180, 122, 186, 106, 191, 252, 102, 197, 91, 16, 39, 94, 91, 224, 30, 168, 177, 26, 144, 5, 124, 128, 6
];

for i in 0..outgoing_body_ciphertext_from_typescript.len() {
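Review bot: `full_key` is the 32-byte big-endian encoding of one field element, so its most significant byte is biased (the value is below the field modulus), and which 16 of those bytes end up in `sym_key` is decided after the hunk ends. The comment on the derivation should record both the separator and that choice, e.g. `// Symmetric key: poseidon2 over (ovsk_app, eph_pk) with GENERATOR_INDEX__SYMMETRIC_KEY as separator. The output encodes a field element, so its top byte is biased; sym_key must take bytes that exclude it.` — confirm against the slice that follows the hunk. The regenerated ciphertext vector in the test module shows the key derivation changed; the added test-module import of `poseidon2_hash_with_separator` is only needed if the test body outside the hunk calls it.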
4 changes: 2 additions & 2 deletions noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
Expand Up @@ -143,7 +143,7 @@ mod test {
// All the values in this test were copied over from `tagged_log.test.ts`
let contract_address = AztecAddress::from_field(0x10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e04);
let storage_slot = 0x0fe46be583b71f4ab5b70c2657ff1d05cccf1d292a9369628d1a194f944e6599;
let ovsk_app = 0x1b99ba138fa7ef8a2f122a98dd80c8ee70d447218dd780f45e165ac17ca38a5e;
let ovsk_app = 0x03a6513d6def49f41d20373d2cec894c23e7492794b08fc50c0e8a1bd2512612;
let ovpk_m = Point {
x: 0x1961448682803198631f299340e4206bb12809d4bebbf012b30f59af73ba1a15,
y: 0x133674060c3925142aceb4f1dcd9f9137d0217d37ff8729ee5ceaa6e2790353d,
Expand Down Expand Up @@ -176,7 +176,7 @@ mod test {
// The following value was generated by `tagged_log.test.ts`
// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
let encrypted_note_log_from_typescript = [
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 141, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 126, 79, 51, 186, 47, 71, 253, 172, 99, 112, 241, 59, 197, 241, 107, 186, 232, 87, 187, 230, 171, 62, 228, 234, 42, 51, 145, 146, 238, 242, 42, 71, 206, 13, 244, 66, 111, 195, 20, 203, 98, 148, 204, 242, 145, 183, 156, 29, 141, 54, 44, 220, 194, 35, 229, 16, 32, 204, 211, 49, 142, 112, 82, 202, 116, 241, 254, 146, 42, 217, 20, 189, 70, 228, 182, 171, 205, 104, 27, 99, 171, 28, 91, 244, 21, 30, 130, 240, 5, 72, 174, 124, 97, 197, 157, 248, 204, 203, 140, 171, 181, 152, 130, 169, 179, 41, 52, 173, 45, 43, 198, 1, 152, 72, 158, 249, 11, 41, 9, 160, 48, 78, 123, 132, 203, 140, 215, 13, 22, 201, 88, 255, 139, 154, 76, 20, 63, 134, 125, 108, 239, 208, 63, 59, 33, 117, 139, 225, 184, 0, 64, 153, 21, 131, 204, 111, 41, 84, 23, 144, 222, 245, 200, 12, 234, 11, 48, 10, 221, 20, 252, 38, 122, 40, 249, 66, 248, 197, 198, 209, 79, 20, 59, 66, 197, 215, 16, 18, 145, 228, 239, 124, 81, 67, 103, 49, 196, 58, 228, 195, 64, 199, 243, 184, 112, 173, 29, 196, 215, 77, 217, 85, 82, 149, 113, 76, 201, 93, 95, 148, 37, 95, 222, 233, 210, 150, 1, 182, 28, 132, 59, 148, 156, 129, 36, 230, 55, 199, 149, 36, 205, 103, 212, 60, 151, 141, 10, 151, 222, 151, 180, 43, 91, 148, 201, 110, 165, 10, 238, 32, 134, 235, 99, 216, 200, 182, 31, 22, 156, 18, 209, 222, 172, 239, 193, 212, 86, 99, 62, 70, 182, 45, 175, 241, 91, 202, 179, 225, 99, 1, 150, 232, 2, 252, 20, 83, 49, 132, 162, 93, 116, 212, 87, 71, 211, 58, 159, 163, 40, 253, 31, 3, 192, 48, 14, 201, 80, 24, 135, 154, 207, 58, 140, 128, 29, 101, 207, 189, 182, 191, 71, 210, 64, 172, 131, 83, 46, 232, 19, 216, 183, 108, 234, 17, 104, 60, 113, 231, 145, 195, 157, 24
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 141, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 126, 79, 51, 186, 47, 71, 253, 172, 99, 112, 241, 59, 197, 241, 107, 186, 232, 87, 187, 230, 171, 62, 228, 234, 42, 51, 145, 146, 238, 242, 42, 71, 206, 13, 244, 66, 111, 195, 20, 203, 98, 148, 204, 242, 145, 183, 156, 29, 141, 54, 44, 220, 194, 35, 229, 16, 32, 204, 211, 49, 142, 112, 82, 202, 116, 241, 254, 146, 42, 217, 20, 189, 70, 228, 182, 171, 205, 104, 27, 99, 171, 28, 91, 244, 21, 30, 130, 240, 5, 72, 174, 124, 97, 197, 157, 248, 193, 23, 193, 76, 46, 141, 144, 70, 211, 45, 67, 167, 218, 129, 140, 104, 190, 41, 110, 249, 209, 68, 106, 135, 164, 80, 235, 63, 101, 80, 32, 13, 38, 99, 145, 91, 11, 173, 151, 231, 247, 65, 153, 117, 229, 167, 64, 239, 182, 126, 235, 83, 4, 169, 8, 8, 160, 4, 235, 252, 21, 96, 84, 161, 69, 145, 145, 215, 254, 161, 117, 246, 198, 65, 89, 179, 194, 90, 19, 121, 12, 202, 114, 80, 195, 14, 60, 128, 105, 142, 100, 86, 90, 108, 157, 219, 22, 172, 20, 121, 195, 25, 159, 236, 2, 70, 75, 42, 37, 34, 2, 17, 149, 20, 176, 32, 18, 204, 56, 117, 121, 34, 15, 3, 88, 123, 64, 68, 74, 233, 63, 59, 131, 222, 194, 192, 167, 110, 217, 10, 128, 73, 129, 172, 205, 103, 212, 60, 151, 141, 10, 151, 222, 151, 180, 43, 91, 148, 201, 110, 165, 10, 238, 32, 134, 235, 99, 216, 200, 182, 31, 22, 156, 18, 209, 222, 172, 239, 193, 212, 86, 99, 62, 70, 182, 45, 175, 241, 91, 202, 179, 225, 99, 1, 150, 232, 2, 252, 20, 83, 49, 132, 162, 93, 116, 212, 87, 71, 211, 58, 159, 163, 40, 253, 31, 3, 192, 48, 14, 201, 80, 24, 135, 154, 207, 58, 140, 128, 29, 101, 207, 189, 182, 191, 71, 210, 64, 172, 131, 83, 46, 232, 19, 216, 183, 108, 234, 17, 104, 60, 113, 231, 145, 195, 157, 24
];
for i in 0..encrypted_note_log_from_typescript.len() {
assert_eq(log[i], encrypted_note_log_from_typescript[i]);
4 changes: 2 additions & 2 deletions noir-projects/aztec-nr/aztec/src/hash.nr
Expand Up @@ -14,7 +14,7 @@ use dep::protocol_types::{
use crate::oracle::logs_traits::{LensForEncryptedLog, ToBytesForUnencryptedLog};

pub fn compute_secret_hash(secret: Field) -> Field {
pedersen_hash([secret], GENERATOR_INDEX__SECRET_HASH)
poseidon2_hash_with_separator([secret], GENERATOR_INDEX__SECRET_HASH)
}

pub fn compute_unencrypted_log_hash<T, let N: u32, let M: u32>(
Expand Down Expand Up @@ -72,7 +72,7 @@ pub fn compute_message_hash(
// The nullifier of a l1 to l2 message is the hash of the message salted with the secret and index of the message hash
// in the L1 to L2 message tree
pub fn compute_message_nullifier(message_hash: Field, secret: Field, leaf_index: Field) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[message_hash, secret, leaf_index],
GENERATOR_INDEX__MESSAGE_NULLIFIER
)
6 changes: 3 additions & 3 deletions noir-projects/aztec-nr/aztec/src/history/public_storage.nr
@@ -1,6 +1,6 @@
use dep::protocol_types::{
constants::GENERATOR_INDEX__PUBLIC_LEAF_INDEX, hash::pedersen_hash, address::AztecAddress,
header::Header, utils::field::full_field_less_than
constants::GENERATOR_INDEX__PUBLIC_LEAF_INDEX, hash::poseidon2_hash_with_separator,
address::AztecAddress, header::Header, utils::field::full_field_less_than
};
use std::merkle::compute_merkle_root;

Expand All @@ -13,7 +13,7 @@ trait PublicStorageHistoricalRead {
impl PublicStorageHistoricalRead for Header {
fn public_storage_historical_read(self, storage_slot: Field, contract_address: AztecAddress) -> Field {
// 1) Compute the leaf slot by siloing the storage slot with the contract address
let public_data_tree_index = pedersen_hash(
let public_data_tree_index = poseidon2_hash_with_separator(
[contract_address.to_field(), storage_slot],
GENERATOR_INDEX__PUBLIC_LEAF_INDEX
);
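Review bot: `public_data_tree_index` is the leaf slot the historical membership proof is checked against, so it must equal the slot derivation used when the public side wrote the value; after this change a writer still on the old derivation would make every `public_storage_historical_read` fail to verify rather than return a wrong value, assuming the root check via `compute_merkle_root` that follows the hunk is enforced. The step comment could name that coupling: `// 1) Compute the leaf slot by siloing the storage slot with the contract address; must match the public data tree leaf-slot derivation used by the writer`. The `impl PublicStorageHistoricalRead` block continues past the hunk.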
4 changes: 2 additions & 2 deletions noir-projects/aztec-nr/aztec/src/initializer.nr
@@ -1,5 +1,5 @@
use dep::protocol_types::{
address::AztecAddress, hash::{compute_siloed_nullifier, pedersen_hash},
address::AztecAddress, hash::{compute_siloed_nullifier, poseidon2_hash_with_separator},
constants::GENERATOR_INDEX__CONSTRUCTOR, abis::function_selector::FunctionSelector
};

Expand Down Expand Up @@ -61,7 +61,7 @@ pub fn assert_initialization_matches_address_preimage_private(context: PrivateCo
}

pub fn compute_initialization_hash(init_selector: FunctionSelector, init_args_hash: Field) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[init_selector.to_field(), init_args_hash],
GENERATOR_INDEX__CONSTRUCTOR
)
12 changes: 6 additions & 6 deletions noir-projects/aztec-nr/aztec/src/keys/public_keys.nr
@@ -1,6 +1,6 @@
use dep::protocol_types::{
address::PublicKeysHash, constants::GENERATOR_INDEX__PUBLIC_KEYS_HASH, hash::poseidon2_hash,
point::Point, traits::{Deserialize, Serialize, Empty, is_empty}
address::PublicKeysHash, constants::GENERATOR_INDEX__PUBLIC_KEYS_HASH,
hash::poseidon2_hash_with_separator, point::Point, traits::{Deserialize, Serialize, Empty, is_empty}
};
use crate::keys::constants::{NUM_KEY_TYPES, NULLIFIER_INDEX, INCOMING_INDEX, OUTGOING_INDEX};

Expand Down Expand Up @@ -39,7 +39,7 @@ impl PublicKeys {
if is_empty(self) {
0
} else {
poseidon2_hash(
poseidon2_hash_with_separator(
[
self.npk_m.x,
self.npk_m.y,
Expand All @@ -52,9 +52,9 @@ impl PublicKeys {
self.ovpk_m.is_infinite as Field,
self.tpk_m.x,
self.tpk_m.y,
self.tpk_m.is_infinite as Field,
self.tpk_m.is_infinite as Field
],
GENERATOR_INDEX__PUBLIC_KEYS_HASH as Field
]
)
}
)
Expand Down Expand Up @@ -114,7 +114,7 @@ fn compute_public_keys_hash() {
};

let actual = keys.hash();
let expected_public_keys_hash = 0x146f68c0e0ba4067d61a3304bbfdec0797d5df1357db6c01247c48bfb345c7d7;
let expected_public_keys_hash = 0x0fecd9a32db731fec1fded1b9ff957a1625c069245a3613a2538bd527068b0ad;

assert(actual.to_field() == expected_public_keys_hash);
}
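Review bot: The new `expected_public_keys_hash` in `compute_public_keys_hash` is a bare constant with no provenance, whereas the regenerated vectors in outgoing_body.nr and payload.nr in this same commit carry `// The following value was generated by <test>.ts` and `// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.` above them. Adding the same two lines here, naming the TypeScript test that emits the value (`<ts-test-file>` placeholder until confirmed), tells the next hash migration how to regenerate it. The `hash` method also returns `0` for empty keys, and the visible test only exercises the non-empty branch; if `PublicKeys` implements the imported `Empty` trait, an assertion that the empty value hashes to `0` would pin that sentinel. `compute_public_keys_hash` starts before its hunk.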
@@ -1,4 +1,7 @@
use dep::protocol_types::{address::AztecAddress, constants::GENERATOR_INDEX__INITIALIZATION_NULLIFIER, hash::pedersen_hash};
use dep::protocol_types::{
address::AztecAddress, constants::GENERATOR_INDEX__INITIALIZATION_NULLIFIER,
hash::poseidon2_hash_with_separator
};

use crate::context::{PrivateContext, UnconstrainedContext};
use crate::note::{
Expand Down Expand Up @@ -32,7 +35,7 @@ impl<Note, Context> PrivateImmutable<Note, Context> {
// This is especially dangerous for initial assignment to elements of a `Map<AztecAddress, PrivateImmutable>` type (for example), because the storage slot often also identifies an actor.
// e.g. the initial assignment to `my_map.at(msg.sender)` will leak: `msg.sender`, the fact that an element of `my_map` was assigned-to for the first time, and the contract_address.
pub fn compute_initialization_nullifier(self) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[self.storage_slot],
GENERATOR_INDEX__INITIALIZATION_NULLIFIER
)
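Review bot: `compute_initialization_nullifier` is now byte-for-byte identical in `PrivateImmutable` and `PrivateMutable` (the next file section): both hash `[self.storage_slot]` under `GENERATOR_INDEX__INITIALIZATION_NULLIFIER`, and this commit had to edit the two copies in lockstep. Hoisting the body into one shared function, e.g. `pub fn compute_initialization_nullifier(storage_slot: Field) -> Field { poseidon2_hash_with_separator([storage_slot], GENERATOR_INDEX__INITIALIZATION_NULLIFIER) }` that both methods call, removes the risk of the two preimages diverging on the next hash migration. The leakage caveat in the existing comment still holds after the switch, since the nullifier remains a deterministic function of the storage slot alone. Both `impl` blocks start before their hunks.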
@@ -1,4 +1,7 @@
use dep::protocol_types::{address::AztecAddress, constants::GENERATOR_INDEX__INITIALIZATION_NULLIFIER, hash::pedersen_hash};
use dep::protocol_types::{
address::AztecAddress, constants::GENERATOR_INDEX__INITIALIZATION_NULLIFIER,
hash::poseidon2_hash_with_separator
};

use crate::context::{PrivateContext, UnconstrainedContext};
use crate::note::{
Expand Down Expand Up @@ -36,7 +39,7 @@ impl<Note, Context> PrivateMutable<Note, Context> {
// Note: subsequent nullification of this state variable, via the `replace` method will not be leaky, if the `compute_note_hash_and_nullifier()` method of the underlying note is designed to ensure privacy.
// For example, if the `compute_note_hash_and_nullifier()` method injects the secret key of a note owner into the computed nullifier's preimage.
pub fn compute_initialization_nullifier(self) -> Field {
pedersen_hash(
poseidon2_hash_with_separator(
[self.storage_slot],
GENERATOR_INDEX__INITIALIZATION_NULLIFIER
)