feat: Implement Transcript abstraction for Poseidon #255

Open
adr1anh opened this issue Jan 11, 2024 · 1 comment
Labels
enhancement New feature or request

adr1anh commented Jan 11, 2024

A full Fiat-Shamir transcript primitive is missing for native and corresponding circuit use cases. At the moment, we only have the RO trait which is essentially just a 1-round transcript.

We want the same interface as the existing ROTrait, but with the ability to perform multiple absorbs and squeezes to generate challenges over several rounds of incoming prover data.

  • Small challenges are useful for reducing the cost of a scalar multiplication performed in the circuit. The CycleFold circuit is designed to support any-sized scalar, and its performance is independent of this size. Therefore, we do not need to decompose the challenge from the transcript output, which costs an additional ~254 constraints and variables.
  • A simple initial implementation could use the existing code for the RO trait. The transcript caches the previously squeezed challenge and prepends it to the next list of elements that are added to the transcript. In a more complex version, we would use neptune's IOPattern to define the exact sequence of absorbs and squeezes throughout the protocol.
  • It seems like we can remove the num_absorbs parameter from RO::new() since it is only used by the squeeze function when initializing the Poseidon state. We can instead compute this from the size of the state.
@adr1anh adr1anh added the enhancement New feature or request label Jan 11, 2024
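As an added example (not arecibo's code, and not the issue author's), the simple design from the second bullet in runnable form: a multi-round transcript layered on a one-shot absorb-the-list-then-squeeze function in the shape of the RO trait, where the previously squeezed challenge is prepended to the next batch of absorbed elements. Everything here is an assumption of the example: the field is F_p with p = 2^61 - 1, the sponge permutation is a toy stand-in and not Poseidon, and the `Transcript`, `squeeze_bits` and `challenges` names are invented for illustration.

```rust
// Added example, not arecibo's code. Toy field F_p, p = 2^61 - 1 (assumption).
const P: u64 = (1u64 << 61) - 1;
const WIDTH: usize = 3; // sponge state: RATE absorb lanes + 1 capacity lane
const RATE: usize = 2;
const ROUNDS: usize = 8;

fn add(a: u64, b: u64) -> u64 {
    ((a as u128 + b as u128) % P as u128) as u64
}
fn mul(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % P as u128) as u64
}
fn pow5(x: u64) -> u64 {
    let x2 = mul(x, x);
    mul(mul(x2, x2), x)
}

/// Toy permutation standing in for Poseidon (assumption): x^5 S-box, a round
/// constant per lane and round, and a circulant mixing step.
fn permute(state: &mut [u64; WIDTH]) {
    for r in 0..ROUNDS as u64 {
        for (i, lane) in state.iter_mut().enumerate() {
            let rc = add(mul(r + 1, 0x9e37_79b9_7f4a_7c15), i as u64);
            *lane = pow5(add(*lane, rc));
        }
        let [a, b, c] = *state;
        state[0] = add(add(mul(2, a), b), c);
        state[1] = add(add(a, mul(2, b)), c);
        state[2] = add(add(a, b), mul(2, c));
    }
}

/// One-shot "RO" in the shape of the existing trait: absorb a list, squeeze
/// one element. The input length is bound into the capacity lane, which is the
/// role `num_absorbs` plays in `RO::new()`; here it is derived from the input.
fn ro_hash(inputs: &[u64]) -> u64 {
    let mut state = [0u64; WIDTH];
    state[WIDTH - 1] = inputs.len() as u64;
    for chunk in inputs.chunks(RATE) {
        for (lane, x) in chunk.iter().enumerate() {
            state[lane] = add(state[lane], x % P);
        }
        permute(&mut state);
    }
    state[0]
}

/// Multi-round transcript on top of `ro_hash`: every squeeze hashes the
/// previous challenge (if any) followed by everything absorbed since, so each
/// challenge commits to the whole ordered history, not just the current round.
pub struct Transcript {
    pending: Vec<u64>,
    prev: Option<u64>,
}

impl Transcript {
    pub fn new(label: &[u8]) -> Self {
        // Domain separator: fold the label bytes into one field element.
        let tag = label.iter().fold(0u64, |acc, &b| add(mul(acc, 257), b as u64));
        Transcript { pending: vec![tag], prev: None }
    }

    pub fn absorb(&mut self, elems: &[u64]) {
        self.pending.extend(elems.iter().map(|x| x % P));
    }

    pub fn squeeze(&mut self) -> u64 {
        let mut input = Vec::with_capacity(self.pending.len() + 1);
        if let Some(c) = self.prev {
            input.push(c); // chain the cached challenge in front of the new data
        }
        input.append(&mut self.pending); // moves the batch out, leaving pending empty
        let c = ro_hash(&input);
        self.prev = Some(c);
        c
    }

    /// Small challenge for a cheaper in-circuit scalar multiplication: the low
    /// `bits` bits of a full squeeze (the decomposition the issue wants to avoid
    /// in circuit happens natively here).
    pub fn squeeze_bits(&mut self, bits: u32) -> u64 {
        assert!(bits < 64);
        self.squeeze() & ((1u64 << bits) - 1)
    }
}

/// Replays a run: each entry of `rounds` is one round of prover data and the
/// result is the challenge derived after that round. Prover and verifier call
/// this with the same data and must obtain the same challenges.
pub fn challenges(rounds: &[&[u64]]) -> Vec<u64> {
    let mut t = Transcript::new(b"demo-folding");
    rounds.iter().map(|msg| { t.absorb(msg); t.squeeze() }).collect()
}

fn main() {
    let r1: &[u64] = &[1, 2, 3];
    let r2: &[u64] = &[4, 5];
    let r3: &[u64] = &[6];
    let prover = challenges(&[r1, r2, r3]);
    let verifier = challenges(&[r1, r2, r3]);
    println!("prover and verifier agree: {}", prover == verifier);
    let swapped = challenges(&[r2, r1, r3]);
    println!("round order changes later challenges: {}", prover != swapped);
}
```

The property worth checking is the one the chaining buys over a one-round RO: two runs that absorb the same elements in a different round order, or that squeeze twice between absorbs, derive different challenges, because each squeeze input carries the previous output. The neptune IOPattern / SAFE approach mentioned in the bullet replaces this dynamic chaining with a statically declared absorb/squeeze sequence, which is what makes the circuit-side pattern fixed.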
huitseeker pushed a commit to huitseeker/arecibo that referenced this issue Jan 14, 2024
…tcomputer#255)

* refactor: impl folding macro

* refactor: generalize curve test

* chore: rename impl_folding to impl_engine
gabriel-barrett pushed a commit to gabriel-barrett/arecibo that referenced this issue Feb 9, 2024
* Small code improvement to the minroot example (argumentcomputer#264)

about 10% improvement for the non-release mode

* Reduce duplicate code across different curve cycle providers (argumentcomputer#255)

* refactor: impl folding macro

* refactor: generalize curve test

* chore: rename impl_folding to impl_engine

* reorganize provider module (argumentcomputer#267)

---------

Co-authored-by: field-worker <151173028+field-worker@users.noreply.github.com>
Co-authored-by: ashWhiteHat <phantomofrotten@gmail.com>
Co-authored-by: Srinath Setty <srinath@microsoft.com>

adr1anh commented Feb 13, 2024

Very rough implementation exists here.

Missing:

  • Proper trait for into_field_iter()
  • Handling different Commitment over E and Dual<E>
  • Usage of SAFE API (deriving the fixed IO pattern could be tricky)
  • Better handle on Poseidon arity (currently fixed to 24)
  • Separate primary commitment hashing from constants
