arkworks-rs / sponge Goto Github PK

It's likely https://eprint.iacr.org/2021/373 improves constructing Merkle trees here, although I've not explored this.

Design issue for a sponge trait that should be used across all projects that rely on the FS transform.

Tentative API:

pub enum ChallengeSize {
    /// Sample challenges from the entire field.
    Full,
    /// Sample challenges from a subset of the field of size 2^num_bits.
    Truncated { num_bits: usize },
}
pub trait FiatShamirSponge<F: Field> {
    fn absorb(&mut self, input: impl Absorbable<F, S>);
    fn squeeze(&mut self) -> F {
        self.squeeze_with_size(ChallengeSize::Full)
    }
    fn squeeze_with_size(&mut self, size: ChallengeSize) -> F;
}

pub trait Absorbable<F: Field, S: FiatShamirSponge<F>> {
	fn absorb_with_sponge(&self, sponge: &mut S);
}

Things to note:

• Input is generic. This allows us to easily represent both byte-based and field-based sponges (eg: Blake2s and Poseidon)
• The output is not generic, which means that this API is unsuitable for things like hashing to the curve. (The latter is useful in discrete-log protocols). Is this something we want to support (i.e. a sponge with generic output type?)

Is the foregoing API sufficient for usecases like Fractal? I think it suffices for the Marlin compiler, and for poly-commit and accumulation-scheme challenge generation.

Prior work:

• merlin
• Coda's trait, and also their impl
• @ValarDragon's impl
• Halo's impl

Apologies if this is naive question, but is this sponge crate meant just to provide hashing inside a SNARK or should it also provide things like a transcript type implementing ark_std::io::Write so that ark_ff::bytes::ToBytes works? If brief, does ark_merlin make any sense?

For Admin Use

• Not duplicate issue
• Appropriate labels applied
• Appropriate contributors tagged
• Contributor assigned/self-assigned

From meeting:

• sponge outputs should be n bits, n bytes, and n field elements
• make a SpongeParams trait which has a few parameters:
  • BLOCK_SIZE_IN_BITS
  • BLOCK_SIZE_IN_FE
  • ComputationType: enum { Binary, Algebraic}
• absorbable should take as input params: SpongeParams, and then make decisions on how to serialize itself to optimize for better efficiency with the sponge (mostly useful for curve point serialization)

trait Absorbable {
	fn to_bytes_with_params(_params: SpongeParams) {
		Self::to_bytes()
	}
	
	fn to_bytes();
	
	// similar for field elements
}

TODO: Find better name for Sponge trait