From aa05b2481bb20d969319714c2794b64fd8aee1d0 Mon Sep 17 00:00:00 2001 From: masatsch Date: Thu, 21 Sep 2023 11:26:55 +0900 Subject: [PATCH 1/9] add tiny-keccak --- Cargo.toml | 2 + src/transcript/keccak.rs | 110 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) create mode 100644 src/transcript/keccak.rs diff --git a/Cargo.toml b/Cargo.toml index a8f99d54..954bb85d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,8 @@ ark-std = "^0.4.0" ark-crypto-primitives = { version = "^0.4.0", default-features = false, features = ["r1cs", "sponge"] } ark-relations = { version = "^0.4.0", default-features = false } ark-r1cs-std = { version = "^0.4.0", default-features = false } +tiny-keccak = { version = "2.0", features = ["keccak"] } +sha3 = "0.10.8" thiserror = "1.0" rayon = "1.7.0" diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs new file mode 100644 index 00000000..9dfb070d --- /dev/null +++ b/src/transcript/keccak.rs 
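Review bot: Both `tiny-keccak` and `sha3` are added although either crate alone covers what the two transcripts need (`sha3` exposes `Keccak256` as well as `Shake256`), so the second dependency adds supply-chain surface and a second Keccak permutation implementation to audit without adding capability. Consider building `KeccakTranscript` on `sha3::Keccak256` and dropping `tiny-keccak`, or state in the commit why two implementations are wanted. The two entries also use different pinning styles (`"2.0"` vs `"0.10.8"`); pick one so lockfile updates behave consistently.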
@@ -0,0 +1,110 @@
+use std::marker::PhantomData;
+use tiny_keccak::{Keccak, Hasher};
+use ark_ec::{AffineRepr, CurveGroup};
+use ark_ff::{BigInteger, Field, PrimeField};
+
+use crate::transcript::Transcript;
+
+/// KecccakTranscript implements the Transcript trait using the Keccak hash
+pub struct KeccakTranscript {
+ sponge: Keccak,
+ phantom: PhantomData,
+}
+
+#[derive(Debug)]
+pub struct KeccakConfig {}
+
+impl Transcript for KeccakTranscript {
+ type TranscriptConfig = KeccakConfig;
+ fn new(config: &Self::TranscriptConfig) -> Self {
+ let _ = config;
+ let sponge = Keccak::v256();
+ Self {
+ sponge,
+ phantom: PhantomData,
+ }
+ }
+
+ fn absorb(&mut self, v: &C::ScalarField) {
+ self.sponge.update(&(v.into_bigint().to_bytes_le()));
+ }
+ fn absorb_vec(&mut self, v: &[C::ScalarField]) {
+ // TODO
+ }
+ fn absorb_point(&mut self, p: &C) {
+ self.sponge.update(&prepare_point(p))
+ }
+
+ fn get_challenge(&mut self) -> C::ScalarField {
+ let mut output = [0u8; 32];
+ self.sponge.clone().finalize(&mut output);
+ self.sponge.update(&[output[0]]);
+ C::ScalarField::from_le_bytes_mod_order(&[output[0]])
+ }
+ fn get_challenge_nbits(&mut self, nbits: usize) -> Vec {
+ // TODO
+ vec![]
+ }
+ fn get_challenges(&mut self, n: usize) -> Vec {
+ let mut output = [0u8; 32];
+ self.sponge.clone().finalize(&mut output);
+ self.sponge.update(&[output[0]]);
+
+ let c = output
+ .iter()
+ .map(|c| C::ScalarField::from_le_bytes_mod_order(&[*c]))
+ .collect();
+ c
+ }
+}
+
+// Returns the point coordinates in Fr, so it can be absrobed by the transcript. It does not work
+// over bytes in order to have a logic that can be reproduced in-circuit.
+fn prepare_point(p: &C) -> Vec { + let binding = p.into_affine(); + let p_coords = &binding.xy().unwrap(); + let x_bi = p_coords + .0 + .to_base_prime_field_elements() + .next() + .expect("a") + .into_bigint() + .to_bytes_le(); + let mut y_bi = p_coords + .1 + .to_base_prime_field_elements() + .next() + .expect("a") + .into_bigint() + .to_bytes_le(); + + y_bi.extend(x_bi); + y_bi +} + +#[cfg(test)] +pub mod tests { + use super::*; + use ark_pallas::{ + // constraints::GVar, + Fr, Projective + }; + + /// WARNING the method poseidon_test_config is for tests only + #[cfg(test)] + pub fn keccak_test_config() -> KeccakConfig { + KeccakConfig {} + } + + #[test] + fn test_transcript_and_transcriptvar_get_challenge() { + // use 'native' transcript + let config = keccak_test_config::(); + let mut tr = KeccakTranscript::::new(&config); + tr.absorb(&Fr::from(42_u32)); + let c = tr.get_challenge(); + + // TODO + // assert_eq!(); + } +} From b1601116eadfbd7dbae9241a76beea48bd95bb8e Mon Sep 17 00:00:00 2001 From: masatsch Date: Thu, 21 Sep 2023 11:27:06 +0900 Subject: [PATCH 2/9] add sha3 --- src/transcript/mod.rs | 2 + src/transcript/sha3.rs | 111 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 src/transcript/sha3.rs diff --git a/src/transcript/mod.rs b/src/transcript/mod.rs index ccfc59c8..e7e68816 100644 --- a/src/transcript/mod.rs +++ b/src/transcript/mod.rs @@ -2,6 +2,8 @@ use ark_ec::CurveGroup; use ark_std::fmt::Debug; pub mod poseidon; +pub mod keccak; +pub mod sha3; pub trait Transcript { type TranscriptConfig: Debug; diff --git a/src/transcript/sha3.rs b/src/transcript/sha3.rs new file mode 100644 index 00000000..1e1dc9e2 --- /dev/null +++ b/src/transcript/sha3.rs 
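Review bot: `get_challenge` derives the challenge from a single byte of the digest, `C::ScalarField::from_le_bytes_mod_order(&[output[0]])`, so every Fiat-Shamir challenge lies in 0..=255 and a prover can try the whole challenge space; `get_challenges` applies the same one-byte mapping to each of the 32 bytes and ignores `n`, and the sha3 file in the next patch repeats both. Feed the whole digest to the reduction, `C::ScalarField::from_le_bytes_mod_order(&output)` (64 bytes of output would keep the reduction modulo the field order close to uniform), and squeeze a full block per requested challenge in `get_challenges`. `get_challenge_nbits` silently returns `vec![]`, which a caller would accept as a valid empty challenge; `todo!()` fails loudly until it is implemented. The generic parameters of `KeccakTranscript` and `prepare_point` appear stripped in this rendering, so the bounds could not be checked here.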
@@ -0,0 +1,111 @@
+use std::marker::PhantomData;
+use sha3::{Shake256, digest::*};
+use ark_ec::{AffineRepr, CurveGroup};
+use ark_ff::{BigInteger, Field, PrimeField};
+
+use crate::transcript::Transcript;
+
+/// KecccakTranscript implements the Transcript trait using the Keccak hash
+pub struct SHA3Transcript {
+ sponge: Shake256,
+ phantom: PhantomData,
+}
+
+#[derive(Debug)]
+pub struct SHA3Config {}
+
+impl Transcript for SHA3Transcript {
+ type TranscriptConfig = SHA3Config;
+ fn new(config: &Self::TranscriptConfig) -> Self {
+ let _ = config;
+ let sponge = Shake256::default();
+ Self {
+ sponge,
+ phantom: PhantomData,
+ }
+ }
+
+ fn absorb(&mut self, v: &C::ScalarField) {
+ self.sponge.update(&(v.into_bigint().to_bytes_le()));
+ }
+ fn absorb_vec(&mut self, v: &[C::ScalarField]) {
+ for _v in v {
+ self.sponge.update(&(_v.into_bigint().to_bytes_le()));
+ }
+ }
+ fn absorb_point(&mut self, p: &C) {
+ self.sponge.update(&prepare_point(p))
+ }
+
+ fn get_challenge(&mut self) -> C::ScalarField {
+ let output = self.sponge.clone().finalize_boxed(200);
+ self.sponge.update(&[output[0]]);
+ C::ScalarField::from_le_bytes_mod_order(&[output[0]])
+ }
+ fn get_challenge_nbits(&mut self, nbits: usize) -> Vec {
+ // TODO
+ // should call finalize() then slice the output to n bit challenge
+ vec![]
+ }
+ fn get_challenges(&mut self, n: usize) -> Vec {
+ let output = self.sponge.clone().finalize_boxed(n);
+ self.sponge.update(&[output[0]]);
+
+ let c = output
+ .iter()
+ .map(|c| C::ScalarField::from_le_bytes_mod_order(&[*c]))
+ .collect();
+ c
+ }
+}
+
+// Returns the point coordinates in Fr, so it can be absrobed by the transcript. It does not work
+// over bytes in order to have a logic that can be reproduced in-circuit.
+fn prepare_point(p: &C) -> Vec { + let binding = p.into_affine(); + let p_coords = &binding.xy().unwrap(); + let x_bi = p_coords + .0 + .to_base_prime_field_elements() + .next() + .expect("a") + .into_bigint() + .to_bytes_le(); + let mut y_bi = p_coords + .1 + .to_base_prime_field_elements() + .next() + .expect("a") + .into_bigint() + .to_bytes_le(); + + y_bi.extend(x_bi); + y_bi +} + +#[cfg(test)] +pub mod tests { + use super::*; + use ark_pallas::{ + // constraints::GVar, + Fr, Projective + }; + + /// WARNING the method poseidon_test_config is for tests only + #[cfg(test)] + pub fn keccak_test_config() -> SHA3Config { + SHA3Config {} + } + + #[test] + fn test_transcript_and_transcriptvar_get_challenge() { + // use 'native' transcript + let config = keccak_test_config::(); + let mut tr = SHA3Transcript::::new(&config); + tr.absorb(&Fr::from(42_u32)); + let c = tr.get_challenge(); + + // TODO + // assert_eq!(); + } +} From eed349e59071d85cf25dbb059d11a8d916abd955 Mon Sep 17 00:00:00 2001 From: masatsch Date: Thu, 21 Sep 2023 15:34:43 +0900 Subject: [PATCH 3/9] add pederson keccak test --- src/pedersen.rs | 23 +++++++++++++++++++++++ src/transcript/keccak.rs | 20 +++++++++++++++++--- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/src/pedersen.rs b/src/pedersen.rs index 16af2e5a..cd25cc81 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs 
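Review bot: `get_challenges` squeezes only `n` bytes (`finalize_boxed(n)`) and turns each byte into its own field element, so it returns `n` challenges of 8 bits each rather than `n` full-width challenges; `get_challenge` squeezes 200 bytes and then reduces only `output[0]`, the same weakness raised on the keccak file. Squeeze a full block per challenge instead, e.g. `let output = self.sponge.clone().finalize_boxed(64 * n);` followed by `output.chunks(64).map(C::ScalarField::from_le_bytes_mod_order).collect()`. The type is named `SHA3Transcript` and documented as "using the Keccak hash" while the state is a `Shake256` XOF; a doc line such as `/// Transcript backed by the SHAKE256 XOF (SHA-3 family)` would stop readers from expecting fixed-length SHA3-256. The loop in `absorb_vec` binds each element as `_v` although it is used; the underscore prefix signals an unused binding, and `for x in v { self.absorb(x); }` also avoids duplicating the scalar encoding.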
@@ -117,4 +117,27 @@ mod tests { let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); assert!(v); } + + use crate::transcript::keccak::{tests::keccak_test_config, KeccakTranscript}; + #[test] + fn test_pedersen_vector_keccak() { + let mut rng = ark_std::test_rng(); + + const n: usize = 10; + // setup params + let params = Pedersen::::new_params(&mut rng, n); + let keccak_config = keccak_test_config::(); + + // init Prover's transcript + let mut transcript_p = KeccakTranscript::::new(&keccak_config); + // init Verifier's transcript + let mut transcript_v = KeccakTranscript::::new(&keccak_config); + + let v: Vec = vec![Fr::rand(&mut rng); n]; + let r: Fr = Fr::rand(&mut rng); + let cm = Pedersen::::commit(¶ms, &v, &r); + let proof = Pedersen::::prove(¶ms, &mut transcript_p, &cm, &v, &r); + let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); + assert!(v); + } } diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs index 9dfb070d..b1d1842f 100644 --- a/src/transcript/keccak.rs +++ b/src/transcript/keccak.rs @@ -34,7 +34,6 @@ impl Transcript for KeccakTranscript { fn absorb_point(&mut self, p: &C) { self.sponge.update(&prepare_point(p)) } - fn get_challenge(&mut self) -> C::ScalarField { let mut output = [0u8; 32]; self.sponge.clone().finalize(&mut output); @@ -50,11 +49,11 @@ impl Transcript for KeccakTranscript { self.sponge.clone().finalize(&mut output); self.sponge.update(&[output[0]]); - let c = output + let c: Vec = output .iter() .map(|c| C::ScalarField::from_le_bytes_mod_order(&[*c])) .collect(); - c + c[..n].to_vec() } } @@ -89,6 +88,7 @@ pub mod tests { // constraints::GVar, Fr, Projective }; + use ark_std::UniformRand; /// WARNING the method poseidon_test_config is for tests only #[cfg(test)] 
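Review bot: `vec![Fr::rand(&mut rng); n]` samples one scalar and clones it `n` times, so `test_pedersen_vector_keccak` commits to a vector of identical entries and would not catch a bug that only shows with distinct coordinates; `(0..n).map(|_| Fr::rand(&mut rng)).collect()` gives a genuinely random vector. The sha3 copy of this test added in the next patch has the same shape. `const n: usize` would conventionally be `N`; rustc warns on a lowercase const.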
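Review bot: `c[..n].to_vec()` slices a 32-element vector, so `get_challenges(n)` panics for any `n > 32`, and all 32 bytes are converted before the slice is taken. `output.iter().take(n).map(...).collect()` removes the extra work, but for large `n` the caller would then silently receive fewer challenges than requested; either derive `n` full-width challenges from the hash output or `assert!(n <= output.len())` so the limit is explicit. Each challenge here is still built from a single byte, as noted on the first patch.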
@@ -107,4 +107,18 @@ pub mod tests { // TODO // assert_eq!(); } + + #[test] + fn test_transcript_get_challenge() { + let mut rng = ark_std::test_rng(); + + const n: usize = 10; + let config = keccak_test_config::(); + + // init transcript + let mut transcript = KeccakTranscript::::new(&config); + let v: Vec = vec![Fr::rand(&mut rng); n]; + let challenges = transcript.get_challenges(v.len()); + assert_eq!(challenges.len(), n); + } } From b1044084ee8b9c2d14b191e62f4c016ce718f797 Mon Sep 17 00:00:00 2001 From: masatsch Date: Thu, 21 Sep 2023 15:41:31 +0900 Subject: [PATCH 4/9] add pedersen sha3 test --- src/pedersen.rs | 23 +++++++++++++++++++++++ src/transcript/sha3.rs | 19 +++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/src/pedersen.rs b/src/pedersen.rs index cd25cc81..ee6d94d8 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs @@ -140,4 +140,27 @@ mod tests { let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); assert!(v); } + + use crate::transcript::sha3::{tests::sha3_test_config, SHA3Transcript}; + #[test] + fn test_pedersen_vector_sha3() { + let mut rng = ark_std::test_rng(); + + const n: usize = 10; + // setup params + let params = Pedersen::::new_params(&mut rng, n); + let sha3_config = sha3_test_config::(); + + // init Prover's transcript + let mut transcript_p = SHA3Transcript::::new(&sha3_config); + // init Verifier's transcript + let mut transcript_v = SHA3Transcript::::new(&sha3_config); + + let v: Vec = vec![Fr::rand(&mut rng); n]; + let r: Fr = Fr::rand(&mut rng); + let cm = Pedersen::::commit(¶ms, &v, &r); + let proof = Pedersen::::prove(¶ms, &mut transcript_p, &cm, &v, &r); + let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); + assert!(v); + } } diff --git a/src/transcript/sha3.rs b/src/transcript/sha3.rs index 1e1dc9e2..1bda299b 100644 --- a/src/transcript/sha3.rs +++ b/src/transcript/sha3.rs 
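Review bot: `test_transcript_get_challenge` only checks `challenges.len() == n`; the random vector `v` is never absorbed, so the transcript state is empty and the test says nothing about whether absorbed data influences the output. Absorb the vector first (`absorb_vec` is still a no-op in the keccak file at this commit, so `for x in &v { transcript.absorb(x); }`), then assert that a second transcript fed different input yields different challenges and that two transcripts fed the same input agree. The sha3 copy of this test in the next patch has the same gap.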
@@ -90,17 +90,18 @@ pub mod tests { // constraints::GVar, Fr, Projective }; + use ark_std::UniformRand; /// WARNING the method poseidon_test_config is for tests only #[cfg(test)] - pub fn keccak_test_config() -> SHA3Config { + pub fn sha3_test_config() -> SHA3Config { SHA3Config {} } #[test] fn test_transcript_and_transcriptvar_get_challenge() { // use 'native' transcript - let config = keccak_test_config::(); + let config = sha3_test_config::(); let mut tr = SHA3Transcript::::new(&config); tr.absorb(&Fr::from(42_u32)); let c = tr.get_challenge(); @@ -108,4 +109,18 @@ pub mod tests { // TODO // assert_eq!(); } + + #[test] + fn test_transcript_get_challenge() { + let mut rng = ark_std::test_rng(); + + const n: usize = 10; + let config = sha3_test_config::(); + + // init transcript + let mut transcript = SHA3Transcript::::new(&config); + let v: Vec = vec![Fr::rand(&mut rng); n]; + let challenges = transcript.get_challenges(v.len()); + assert_eq!(challenges.len(), n); + } } From 69cd432b69c341995955a8702c22abaa19cad1ad Mon Sep 17 00:00:00 2001 From: masatsch Date: Thu, 21 Sep 2023 17:07:50 +0900 Subject: [PATCH 5/9] impl absorb_vec --- src/transcript/keccak.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs index b1d1842f..46eb2cc2 100644 --- a/src/transcript/keccak.rs +++ b/src/transcript/keccak.rs @@ -29,7 +29,9 @@ impl Transcript for KeccakTranscript { self.sponge.update(&(v.into_bigint().to_bytes_le())); } fn absorb_vec(&mut self, v: &[C::ScalarField]) { - // TODO + for _v in v { + self.sponge.update(&(_v.into_bigint().to_bytes_le())); + } } fn absorb_point(&mut self, p: &C) { self.sponge.update(&prepare_point(p)) From c8a2b8baf8dd57f0a811ae6791733f0f45cd50c3 Mon Sep 17 00:00:00 2001 
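Review bot: The new loop in `absorb_vec` binds each element as `_v` although the value is used on the next line; the leading underscore is the Rust convention for a deliberately unused binding and hides the intent. `for x in v { self.absorb(x); }` reuses the single-element encoding so the two paths cannot drift apart.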
From: masatsch Date: Mon, 25 Sep 2023 09:17:33 +0900 Subject: [PATCH 6/9] remove circuit test since we not need keccak circuit for now --- src/transcript/keccak.rs | 12 ------------ src/transcript/sha3.rs | 12 ------------ 2 files changed, 24 deletions(-) diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs index 46eb2cc2..f07f4765 100644 --- a/src/transcript/keccak.rs +++ b/src/transcript/keccak.rs @@ -98,18 +98,6 @@ pub mod tests { KeccakConfig {} } - #[test] - fn test_transcript_and_transcriptvar_get_challenge() { - // use 'native' transcript - let config = keccak_test_config::(); - let mut tr = KeccakTranscript::::new(&config); - tr.absorb(&Fr::from(42_u32)); - let c = tr.get_challenge(); - - // TODO - // assert_eq!(); - } - #[test] fn test_transcript_get_challenge() { let mut rng = ark_std::test_rng(); diff --git a/src/transcript/sha3.rs b/src/transcript/sha3.rs index 1bda299b..3b0a361a 100644 --- a/src/transcript/sha3.rs +++ b/src/transcript/sha3.rs @@ -98,18 +98,6 @@ pub mod tests { SHA3Config {} } - #[test] - fn test_transcript_and_transcriptvar_get_challenge() { - // use 'native' transcript - let config = sha3_test_config::(); - let mut tr = SHA3Transcript::::new(&config); - tr.absorb(&Fr::from(42_u32)); - let c = tr.get_challenge(); - - // TODO - // assert_eq!(); - } - #[test] fn test_transcript_get_challenge() { let mut rng = ark_std::test_rng(); From bf4cdbc3b694b606ab207b332551f9c77fae0e81 Mon Sep 17 00:00:00 2001 From: masatsch Date: Mon, 25 Sep 2023 11:03:39 +0900 Subject: [PATCH 7/9] abstract pedersen vector test --- src/pedersen.rs | 64 ++++++++++--------------------------------------- 1 file changed, 13 insertions(+), 51 deletions(-) diff --git a/src/pedersen.rs b/src/pedersen.rs index ee6d94d8..27663a22 100644 --- a/src/pedersen.rs +++ b/src/pedersen.rs 
@@ -93,22 +93,20 @@ impl Pedersen { mod tests { use super::*; use crate::transcript::poseidon::{tests::poseidon_test_config, PoseidonTranscript}; + use crate::transcript::keccak::{tests::keccak_test_config, KeccakTranscript}; + use crate::transcript::sha3::{tests::sha3_test_config, SHA3Transcript}; + use crate::transcript::Transcript; use ark_pallas::{Fr, Projective}; - #[test] - fn test_pedersen_vector() { + fn test_pedersen_vector_with>(config: T::TranscriptConfig) { + let mut transcript_p: T = Transcript::::new(&config); + let mut transcript_v: T = Transcript::::new(&config); let mut rng = ark_std::test_rng(); const n: usize = 10; // setup params let params = Pedersen::::new_params(&mut rng, n); - let poseidon_config = poseidon_test_config::(); - - // init Prover's transcript - let mut transcript_p = PoseidonTranscript::::new(&poseidon_config); - // init Verifier's transcript - let mut transcript_v = PoseidonTranscript::::new(&poseidon_config); let v: Vec = vec![Fr::rand(&mut rng); n]; let r: Fr = Fr::rand(&mut rng); 
@@ -118,49 +116,13 @@ mod tests { assert!(v); } - use crate::transcript::keccak::{tests::keccak_test_config, KeccakTranscript}; #[test] - fn test_pedersen_vector_keccak() { - let mut rng = ark_std::test_rng(); - - const n: usize = 10; - // setup params - let params = Pedersen::::new_params(&mut rng, n); - let keccak_config = keccak_test_config::(); - - // init Prover's transcript - let mut transcript_p = KeccakTranscript::::new(&keccak_config); - // init Verifier's transcript - let mut transcript_v = KeccakTranscript::::new(&keccak_config); - - let v: Vec = vec![Fr::rand(&mut rng); n]; - let r: Fr = Fr::rand(&mut rng); - let cm = Pedersen::::commit(¶ms, &v, &r); - let proof = Pedersen::::prove(¶ms, &mut transcript_p, &cm, &v, &r); - let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); - assert!(v); - } - - use crate::transcript::sha3::{tests::sha3_test_config, SHA3Transcript}; - #[test] - fn test_pedersen_vector_sha3() { - let mut rng = ark_std::test_rng(); - - const n: usize = 10; - // setup params - let params = Pedersen::::new_params(&mut rng, n); - let sha3_config = sha3_test_config::(); - - // init Prover's transcript - let mut transcript_p = SHA3Transcript::::new(&sha3_config); - // init Verifier's transcript - let mut transcript_v = SHA3Transcript::::new(&sha3_config); - - let v: Vec = vec![Fr::rand(&mut rng); n]; - let r: Fr = Fr::rand(&mut rng); - let cm = Pedersen::::commit(¶ms, &v, &r); - let proof = Pedersen::::prove(¶ms, &mut transcript_p, &cm, &v, &r); - let v = Pedersen::::verify(¶ms, &mut transcript_v, cm, proof); - assert!(v); + fn test_pedersen_vector() { + // Test for Poseidon + test_pedersen_vector_with::>(poseidon_test_config::()); + // Test for Keccak + test_pedersen_vector_with::>(keccak_test_config::()); + // Test for SHA3 + test_pedersen_vector_with::>(sha3_test_config::()); } } From bc7b58c1e4cf5c86cde0d178bfa46764ea2baca4 Mon Sep 17 00:00:00 2001 
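Review bot: Folding the three backends into the single `test_pedersen_vector` means a failure in the Poseidon case stops the function before the Keccak and SHA3 cases run, so one red test hides the status of the other two. Keep the shared helper but give each backend its own `#[test]` fn that calls `test_pedersen_vector_with` with its config. In the helper, `Transcript::<...>::new(&config)` can be written `T::new(&config)` since `T` carries the bound (the generic parameters appear stripped in this rendering, so the exact bound could not be checked here).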
From: masatsch Date: Mon, 25 Sep 2023 11:34:33 +0900 Subject: [PATCH 8/9] just serialize the curve point --- src/transcript/keccak.rs | 32 +++++--------------------------- src/transcript/sha3.rs | 35 ++++++----------------------------- 2 files changed, 11 insertions(+), 56 deletions(-) diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs index f07f4765..4591402a 100644 --- a/src/transcript/keccak.rs +++ b/src/transcript/keccak.rs @@ -1,7 +1,7 @@ use std::marker::PhantomData; use tiny_keccak::{Keccak, Hasher}; -use ark_ec::{AffineRepr, CurveGroup}; -use ark_ff::{BigInteger, Field, PrimeField}; +use ark_ec::CurveGroup; +use ark_ff::{BigInteger, PrimeField}; use crate::transcript::Transcript; @@ -34,7 +34,9 @@ impl Transcript for KeccakTranscript { } } fn absorb_point(&mut self, p: &C) { - self.sponge.update(&prepare_point(p)) + let mut serialized = vec![]; + p.serialize_compressed(&mut serialized).unwrap(); + self.sponge.update(&(serialized)) } fn get_challenge(&mut self) -> C::ScalarField { let mut output = [0u8; 32]; @@ -59,30 +61,6 @@ impl Transcript for KeccakTranscript { } } -// Returns the point coordinates in Fr, so it can be absrobed by the transcript. It does not work -// over bytes in order to have a logic that can be reproduced in-circuit. -fn prepare_point(p: &C) -> Vec { - let binding = p.into_affine(); - let p_coords = &binding.xy().unwrap(); - let x_bi = p_coords - .0 - .to_base_prime_field_elements() - .next() - .expect("a") - .into_bigint() - .to_bytes_le(); - let mut y_bi = p_coords - .1 - .to_base_prime_field_elements() - .next() - .expect("a") - .into_bigint() - .to_bytes_le(); - - y_bi.extend(x_bi); - y_bi -} - #[cfg(test)] pub mod tests { use super::*; diff --git a/src/transcript/sha3.rs b/src/transcript/sha3.rs index 3b0a361a..8ae8ec4a 100644 --- a/src/transcript/sha3.rs +++ b/src/transcript/sha3.rs 
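Review bot: `absorb_point` writes the compressed point bytes straight into the sponge after `absorb` has written raw little-endian scalar bytes, with no tag or length prefix, so the transcript does not bind message boundaries or types: a scalar followed by a point and a different message sequence with the same concatenated bytes hash identically. If the Poseidon transcript has the same property that may be accepted for parity, but in a byte-oriented transcript a domain tag and length prefix per message is cheap, e.g. `self.sponge.update(&[0x02]);` and `self.sponge.update(&(serialized.len() as u64).to_le_bytes());` before the payload (tag value constructed for illustration). `.unwrap()` on `serialize_compressed` into a `Vec` cannot fail in practice; `.expect("serializing into a Vec is infallible")` records why. The sha3 hunk in this patch makes the same change.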
@@ -1,11 +1,11 @@ use std::marker::PhantomData; use sha3::{Shake256, digest::*}; -use ark_ec::{AffineRepr, CurveGroup}; -use ark_ff::{BigInteger, Field, PrimeField}; +use ark_ec::CurveGroup; +use ark_ff::{BigInteger, PrimeField}; use crate::transcript::Transcript; -/// KecccakTranscript implements the Transcript trait using the Keccak hash +/// SHA3Transcript implements the Transcript trait using the Keccak hash pub struct SHA3Transcript { sponge: Shake256, phantom: PhantomData, @@ -34,9 +34,10 @@ impl Transcript for SHA3Transcript { } } fn absorb_point(&mut self, p: &C) { - self.sponge.update(&prepare_point(p)) + let mut serialized = vec![]; + p.serialize_compressed(&mut serialized).unwrap(); + self.sponge.update(&(serialized)) } - fn get_challenge(&mut self) -> C::ScalarField { let output = self.sponge.clone().finalize_boxed(200); self.sponge.update(&[output[0]]); @@ -59,30 +60,6 @@ impl Transcript for SHA3Transcript { } } -// Returns the point coordinates in Fr, so it can be absrobed by the transcript. It does not work -// over bytes in order to have a logic that can be reproduced in-circuit. -fn prepare_point(p: &C) -> Vec { - let binding = p.into_affine(); - let p_coords = &binding.xy().unwrap(); - let x_bi = p_coords - .0 - .to_base_prime_field_elements() - .next() - .expect("a") - .into_bigint() - .to_bytes_le(); - let mut y_bi = p_coords - .1 - .to_base_prime_field_elements() - .next() - .expect("a") - .into_bigint() - .to_bytes_le(); - - y_bi.extend(x_bi); - y_bi -} - #[cfg(test)] pub mod tests { use super::*; From 0685d375fb2a213173e5f4ada84bc5d0276cc506 Mon Sep 17 00:00:00 2001 From: masatsch Date: Tue, 10 Oct 2023 18:44:26 +0900 Subject: [PATCH 9/9] keccak/sha3 finalize do not change sponge so remove absorb afterwards --- src/transcript/keccak.rs | 15 ++++++++++++--- src/transcript/sha3.rs | 15 ++++++++++++--- 2 files changed, 24 insertions(+), 6 deletions(-) 
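Review bot: The corrected doc comment still says the transcript uses "the Keccak hash", but the state is a `Shake256` XOF; `/// SHA3Transcript implements the Transcript trait using the SHAKE256 XOF (SHA-3 family)` describes what the code does. Naming the variable-length squeeze matters because `finalize_boxed(200)` in `get_challenge` only makes sense for an XOF, not for fixed-length SHA3-256.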
diff --git a/src/transcript/keccak.rs b/src/transcript/keccak.rs index 4591402a..db3f517f 100644 --- a/src/transcript/keccak.rs +++ b/src/transcript/keccak.rs @@ -41,7 +41,6 @@ impl Transcript for KeccakTranscript { fn get_challenge(&mut self) -> C::ScalarField { let mut output = [0u8; 32]; self.sponge.clone().finalize(&mut output); - self.sponge.update(&[output[0]]); C::ScalarField::from_le_bytes_mod_order(&[output[0]]) } fn get_challenge_nbits(&mut self, nbits: usize) -> Vec { @@ -51,7 +50,6 @@ impl Transcript for KeccakTranscript { fn get_challenges(&mut self, n: usize) -> Vec { let mut output = [0u8; 32]; self.sponge.clone().finalize(&mut output); - self.sponge.update(&[output[0]]); let c: Vec = output .iter() @@ -77,7 +75,7 @@ pub mod tests { } #[test] - fn test_transcript_get_challenge() { + fn test_transcript_get_challenges_len() { let mut rng = ark_std::test_rng(); const n: usize = 10; @@ -89,4 +87,15 @@ pub mod tests { let challenges = transcript.get_challenges(v.len()); assert_eq!(challenges.len(), n); } + + #[test] + fn test_transcript_get_challenge() { + let config = keccak_test_config::(); + // init transcript + let mut transcript = KeccakTranscript::::new(&config); + transcript.absorb(&Fr::from(42_u32)); + let c = transcript.get_challenge(); + let c_2 = transcript.get_challenge(); + assert_eq!(c, c_2); + } } diff --git a/src/transcript/sha3.rs b/src/transcript/sha3.rs index 8ae8ec4a..09b7fd52 100644 --- a/src/transcript/sha3.rs +++ b/src/transcript/sha3.rs @@ -40,7 +40,6 @@ impl Transcript for SHA3Transcript { } fn get_challenge(&mut self) -> C::ScalarField { let output = self.sponge.clone().finalize_boxed(200); - self.sponge.update(&[output[0]]); C::ScalarField::from_le_bytes_mod_order(&[output[0]]) } fn get_challenge_nbits(&mut self, nbits: usize) -> Vec { 
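Review bot: Two consecutive `get_challenge()` calls with nothing absorbed in between now return the same scalar, because the squeeze no longer touches the sponge once `self.sponge.update(&[output[0]])` is gone; the new test in this patch asserts exactly that. A sponge transcript that advances its state on every squeeze (as the Poseidon implementation presumably does) would give a protocol that draws several challenges without absorbing between them distinct values, while this one repeats them, which is a soundness hazard and makes the two `Transcript` impls disagree on the same call sequence. Rather than dropping the feedback, absorb the full squeezed output back after `finalize`, `self.sponge.update(&output);`, or absorb a squeeze counter. The same removal is made in `get_challenges` below and in both sha3 hunks of this patch.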
@@ -50,7 +49,6 @@ impl Transcript for SHA3Transcript { } fn get_challenges(&mut self, n: usize) -> Vec { let output = self.sponge.clone().finalize_boxed(n); - self.sponge.update(&[output[0]]); let c = output .iter() @@ -76,7 +74,7 @@ pub mod tests { } #[test] - fn test_transcript_get_challenge() { + fn test_transcript_get_challenges_len() { let mut rng = ark_std::test_rng(); const n: usize = 10; @@ -88,4 +86,15 @@ pub mod tests { let challenges = transcript.get_challenges(v.len()); assert_eq!(challenges.len(), n); } + + #[test] + fn test_transcript_get_challenge() { + let config = sha3_test_config::(); + // init transcript + let mut transcript = SHA3Transcript::::new(&config); + transcript.absorb(&Fr::from(42_u32)); + let c = transcript.get_challenge(); + let c_2 = transcript.get_challenge(); + assert_eq!(c, c_2); + } }
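Review bot: `test_transcript_get_challenge` asserts `c == c_2` for two back-to-back squeezes, which pins the repeated-challenge behaviour as the contract; if that is intended it should be documented on the `Transcript` trait, since a caller drawing two challenges in a row would get the same value. A companion assertion that absorbing between the calls changes the result, `transcript.absorb(&Fr::from(1_u32)); assert_ne!(c, transcript.get_challenge());`, would also catch a transcript that ignores its input. The keccak copy of this test in the same patch has the same shape.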