ronkathon
feat: fiat shamir transcript
universal transcript, support for various hashing techniques.
I've been looking into this and studying existing libraries, and there are two possible conclusions: either implement a byte-oriented transcript based on Keccak or Blake3 (or other byte-oriented hash functions),
- Keccak is based on the sponge construction and can implement a sponge for arbitrary-length outputs. Thus, it can be trivially used for this use case.
- This output needs to be converted into the respective field/curve elements based on the needs outside of the transcript.
- For legacy functions like SHA2 or Blake2, I think we require an XOF to extend the output bytes.
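```rust
/// Byte-oriented hash: writes the digest of `input` into `buf`.
pub trait Hasher {
  fn hash(&mut self, input: &[u8], buf: &mut [u8]);
}

pub struct Transcript<H: Hasher> {
  hasher: H,
  state: Vec<u8>,
}

impl<H: Hasher> Transcript<H> {
  /// Appends a protocol message to the transcript state.
  fn add_message(&mut self, message: &[u8]) { self.state.extend_from_slice(message); }

  /// Hashes the state into `buf`; `&mut self` because `Hasher::hash` takes `&mut self`.
  fn create_challenge(&mut self, buf: &mut [u8]) { self.hasher.hash(&self.state, buf); }
}

/// Conversion between raw bytes and a field/curve element type `C`.
pub trait ByteHandler<C> {
  fn from_bytes(bytes: &[u8]) -> C;
  fn to_bytes(c: &C, buf: &mut [u8]);
}
```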
or a field-oriented one based on algebraic hash functions like Poseidon. Maybe use the SAFE API for designing the sponge.
- Poseidon is also based on a permutation network and implements a sponge for arbitrary-length outputs.
- Will be easier to use with proof systems, but not for other protocols that use Fiat-Shamir, like sigma protocols.
- To work with them, field elements will have to be converted to bytes/bits, depending on the usage. But this will obviously not cover the whole range due to the field.
Need input on which way you think is more suitable for a universal transcript. Am I missing something, or is there any other way you think this can be implemented?
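Added example, not part of the comment above and not ronkathon code: a sketch of the byte-oriented option showing message framing, counter-mode expansion of a fixed-output hash (the SHA2/Blake2 case) and wide reduction of the output bytes into a field element. `FixedHash`, `ToyHash` and `challenge_field` are hypothetical names, and `ToyHash` is a non-cryptographic FNV-1a stand-in used only to keep the example dependency-free.

```rust
use std::marker::PhantomData;

/// Fixed-output, byte-oriented hash (the SHA-2 / Blake2 case from the comment).
pub trait FixedHash {
  const OUT: usize;
  fn digest(input: &[u8]) -> Vec<u8>;
}

/// ASSUMPTION: FNV-1a stand-in so the example has no dependencies. NOT cryptographic.
pub struct ToyHash;
impl FixedHash for ToyHash {
  const OUT: usize = 8;
  fn digest(input: &[u8]) -> Vec<u8> {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in input { h = (h ^ *b as u64).wrapping_mul(0x100000001b3); }
    h.to_be_bytes().to_vec()
  }
}

pub struct Transcript<H: FixedHash> { state: Vec<u8>, _hash: PhantomData<H> }
impl<H: FixedHash> Transcript<H> {
  pub fn new(domain: &[u8]) -> Self {
    let mut t = Self { state: Vec::new(), _hash: PhantomData };
    t.add_message(domain); // domain separator: protocol name/version
    t
  }
  /// Tag + length prefix, so ("ab","c") and ("a","bc") absorb as different states.
  pub fn add_message(&mut self, message: &[u8]) {
    self.state.push(0);
    self.state.extend_from_slice(&(message.len() as u64).to_le_bytes());
    self.state.extend_from_slice(message);
  }
  /// Expands the fixed-size digest in counter mode: block i = H(state || i).
  pub fn create_challenge(&mut self, buf: &mut [u8]) {
    self.state.push(1); // record the request so later challenges depend on it
    self.state.extend_from_slice(&(buf.len() as u64).to_le_bytes());
    for (i, chunk) in buf.chunks_mut(H::OUT).enumerate() {
      let mut input = self.state.clone();
      input.extend_from_slice(&(i as u64).to_le_bytes());
      chunk.copy_from_slice(&H::digest(&input)[..chunk.len()]);
    }
  }
  /// Challenge in [0, p) for a prime p < 2^64; 16 uniform bytes keep modulo bias below 2^-64.
  pub fn challenge_field(&mut self, p: u64) -> u64 {
    let mut wide = [0u8; 16];
    self.create_challenge(&mut wide);
    (u128::from_le_bytes(wide) % p as u128) as u64
  }
}
```

With a real hash in place of `ToyHash`, prover and verifier must absorb the same messages in the same order to derive matching challenges.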