Giulio
> I disagree. They rejected that on the grounds that it allows collisions. In their response to me they noted:

Yes, you are right.

> The point here is that...
> I made this PR on yours to make these changes. Happy to discuss further. [giuliop#1](https://github.com/giuliop/go-algorand/pull/1)

Thank you, I will review tonight!
I incorporated your changes and made two new changes: 1. I made the opcode fail on empty input, to be more conservative. In a zk circuit there is no concept...
> Could you add mimcVersion to `experiments` so we don't release it to mainnet by mistake if we bump LogicVersion before this is completely ready? `var experiments = []uint64{spOpcodesVersion, mimcVersion}`...
Got it, thank you. I am building an application that needs the new mimc opcode, right now I am testing it on a forked node that implements this PR. It's...
For what it's worth, in Ethereum land they also use f(x) = x^5, see [here](https://crypto.ethereum.org/bounties/mimc-hash-challenge) for a challenge bounty offered by the Ethereum Foundation to find a collision for mimc...
> Got it, thank you. I am building an application that needs the new mimc opcode, right now I am testing it on a forked node that implements this PR....
I did some research on gnark's Miyaguchi-Preneel construction for MiMC pointed out by Chris' comment to see if there were some additional findings on it but did not find anything...
> Coming back to this... I think that “option 1” from [this comment](https://github.com/algorand/go-algorand/pull/5978#issuecomment-2143856099) can be reasonable, with caveats.

I agree on all the points raised, tackling them in reverse order,...
Thinking about it I realized we don't really need to pass two arguments to `mimc`, one for the curve and one for the other configuration parameters, since the curve is...