Add keccak256 hasher for transcript #2
First pass review.
src/transcript.rs
Outdated
let hasher_lo = state_lo.clone(); | ||
let hasher_hi = state_hi.clone(); | ||
let result_lo: [u8; 32] = hasher_lo.finalize().as_slice().try_into().unwrap(); | ||
let result_hi: [u8; 32] = hasher_hi.finalize().as_slice().try_into().unwrap(); |
Do we need the hasher_* variables?
let hasher_lo = state_lo.clone(); | |
let hasher_hi = state_hi.clone(); | |
let result_lo: [u8; 32] = hasher_lo.finalize().as_slice().try_into().unwrap(); | |
let result_hi: [u8; 32] = hasher_hi.finalize().as_slice().try_into().unwrap(); | |
let result_lo: [u8; 32] = state_lo.finalize().as_slice().try_into().unwrap(); | |
let result_hi: [u8; 32] = state_hi.finalize().as_slice().try_into().unwrap(); |
src/transcript.rs
Outdated
state_lo.update(&[KECCAK256_PREFIX_CHALLENGE_LO]); | ||
state_hi.update(&[KECCAK256_PREFIX_CHALLENGE_HI]); | ||
let hasher_lo = state_lo.clone(); | ||
let hasher_hi = state_hi.clone(); | ||
let result_lo: [u8; 32] = hasher_lo.finalize().as_slice().try_into().unwrap(); | ||
let result_hi: [u8; 32] = hasher_hi.finalize().as_slice().try_into().unwrap(); |
state_lo.update(&[KECCAK256_PREFIX_CHALLENGE_LO]); | |
state_hi.update(&[KECCAK256_PREFIX_CHALLENGE_HI]); | |
let hasher_lo = state_lo.clone(); | |
let hasher_hi = state_hi.clone(); | |
let result_lo: [u8; 32] = hasher_lo.finalize().as_slice().try_into().unwrap(); | |
let result_hi: [u8; 32] = hasher_hi.finalize().as_slice().try_into().unwrap(); | |
state_lo.update(&[KECCAK256_PREFIX_CHALLENGE_LO]); | |
state_hi.update(&[KECCAK256_PREFIX_CHALLENGE_HI]); | |
let result_lo: [u8; 32] = state_lo.finalize().as_slice().try_into().unwrap(); | |
let result_hi: [u8; 32] = state_hi.finalize().as_slice().try_into().unwrap(); |
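Review bot: The suggested form calls `finalize()` directly on `state_lo` and `state_hi`, which consumes them, so it is only equivalent to the cloned version if those two states are already forks of the running transcript state rather than the state itself; the PR description says the `_LO`/`_HI` prefixes fork the state, so that holds, but a one-line comment at the point where `state_lo`/`state_hi` are created would make that invariant explicit for future readers. Also worth noting that `KECCAK256_PREFIX_CHALLENGE_LO` and `KECCAK256_PREFIX_CHALLENGE_HI` are the only inputs that distinguish `result_lo` from `result_hi`, so the two constants must stay distinct or the concatenated 64 bytes degenerate into a repeated 32-byte value.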
LGTM modulo questions.
Implement `ff::PrimeField::to_repr` for `bn256::Fq2`
We need to rebase and merge this. @kilic
61a4cd0 to e0b7d10
LGTM!
…ijie/gpu fix: align timer
Keccak256 option added to transcript.
What is different from the blake2b procedure is that the output size of keccak256 is 32 bytes, where it is 64 with blake2. We can of course find a field element from 32 bytes of keccak256 output, but it'd introduce a modulus bias. So in order to make the output 64 bytes we followed the approach below.
Notice that whereas KECCAK256_PREFIX_CHALLENGE is contributed to the running state, the KECCAK256_PREFIX_CHALLENGE_LO and KECCAK256_PREFIX_CHALLENGE_HI prefixes are forking the state. The two 32-byte results are concatenated to be reduced into a field element with the from_u512 method.
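The fork-and-concatenate scheme described above, as an added illustration that is not the PR's code: `hashlib.sha3_256` stands in for Keccak-256 (same permutation, different padding byte), the prefix byte values and the `absorb` prefix are assumed placeholders, and `from_u512` is modelled as the integer reduction lo + hi·2^256 mod r over the bn256 scalar field. `max_relative_bias` quantifies why 32 bytes are not enough.

```python
import hashlib

# bn256 (BN254) scalar field order r; from_u512 reduces into this field.
BN256_FR = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# Placeholder prefix bytes: the PR does not state the real constant values.
PREFIX_CHALLENGE = 0x00
PREFIX_CHALLENGE_LO = 0x10
PREFIX_CHALLENGE_HI = 0x11
PREFIX_ABSORB = 0x01  # hypothetical domain-separation byte for absorbed data


def from_u512(b: bytes, p: int = BN256_FR) -> int:
    """Reduce 64 little-endian bytes as lo + hi * 2^256 (mod p)."""
    assert len(b) == 64
    lo = int.from_bytes(b[:32], "little")
    hi = int.from_bytes(b[32:], "little")
    return (lo + (hi << 256)) % p


class KeccakTranscript:
    def __init__(self):
        # sha3_256 used as a stand-in for Keccak-256 (padding differs only).
        self.state = hashlib.sha3_256()

    def absorb(self, data: bytes) -> None:
        self.state.update(bytes([PREFIX_ABSORB]))
        self.state.update(data)

    def squeeze_challenge_bytes(self) -> bytes:
        # The challenge prefix goes into the running state ...
        self.state.update(bytes([PREFIX_CHALLENGE]))
        # ... while the LO/HI prefixes are applied to forks of it, so the
        # running state itself is not finalized and can keep absorbing.
        state_lo = self.state.copy()
        state_hi = self.state.copy()
        state_lo.update(bytes([PREFIX_CHALLENGE_LO]))
        state_hi.update(bytes([PREFIX_CHALLENGE_HI]))
        return state_lo.digest() + state_hi.digest()  # 32 + 32 = 64 bytes

    def squeeze_challenge(self) -> int:
        return from_u512(self.squeeze_challenge_bytes())


def max_relative_bias(output_bits: int, p: int = BN256_FR) -> float:
    """Ratio of most- to least-likely residue when a uniform output_bits-bit
    value is reduced mod p: (q + 1) / q with q = floor(2^n / p)."""
    q = 2 ** output_bits // p
    return (q + 1) / q
```

With 256 bits only q = 5 multiples of r fit under 2^256, so some residues are 20% more likely than others; with 512 bits the ratio is indistinguishable from 1.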