
Hash accumulator in PG

Open ledwards2225 opened this issue 8 months ago • 1 comments

Both the accumulator and the incoming instance need to be hashed in PG for Fiat-Shamir. The accumulator will be handled differently from the incoming instance since no part of it is hashed elsewhere. (The instance witness is hashed via the PG proof and the precomputed components can be hashed via the VK hash computed in the kernel circuits as part of tree checks.)

ledwards2225, May 14 '25 08:05

Edit: the Noir kernel logic will use the VK and the VK hash in a disconnected way. Both will be passed to the backend via verify_proof calls. The actual hashing to connect the two entities will be done in the backend. This approach ensures Kesha's tool is able to easily detect Fiat-Shamir bugs.

ledwards2225, May 16 '25 08:05

Closed by https://github.com/AztecProtocol/aztec-packages/pull/16243.

lucasxia01, Aug 15 '25 01:08
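
A toy sketch of the binding described in the issue and its follow-up comment, added here as an illustration and not barretenberg's code. SHA-256 stands in for the real transcript hash, and the function names, accumulator field names, domain label and byte values are all constructed assumptions.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def hash_accumulator(acc: dict) -> bytes:
    # No other transcript element covers the accumulator, so every field is
    # hashed here, in a fixed (sorted) order. Field names are hypothetical.
    parts = []
    for name in sorted(acc):
        parts += [name.encode(), acc[name]]
    return h(*parts)

def folding_challenge(acc, vk, vk_hash, pg_proof, bind_accumulator=True):
    # The caller passes the VK and its hash separately; the link is checked here.
    if h(vk) != vk_hash:
        raise ValueError("VK hash does not match VK")
    # vk_hash covers the precomputed components, pg_proof the instance witness.
    parts = [b"pg-fold", vk_hash, pg_proof]
    if bind_accumulator:
        parts.append(hash_accumulator(acc))
    return h(*parts)

# Constructed sample values (not real keys, proofs or commitments)
VK = b"constructed-vk-bytes"
VK_HASH = h(VK)
PG_PROOF = b"constructed-proof-with-instance-witness-commitments"
ACC_A = {"witness_commitments": b"\x01" * 32, "target_sum": b"\x00" * 32}
ACC_B = {"witness_commitments": b"\x01" * 32, "target_sum": b"\x07" * 32}

if __name__ == "__main__":
    for bind in (True, False):
        same = (folding_challenge(ACC_A, VK, VK_HASH, PG_PROOF, bind)
                == folding_challenge(ACC_B, VK, VK_HASH, PG_PROOF, bind))
        print(f"bind_accumulator={bind}: challenge ignores accumulator change = {same}")
```

With `bind_accumulator=False` the challenge is identical for two different accumulators, which is the kind of unbound-input gap a Fiat-Shamir checker looks for.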