
Making the hash function as a Trait

Open kimurayu45z opened this issue 8 months ago • 1 comments

Intro

For example, frost-ristretto255 is currently implemented as FROST(Ristretto255, SHA512), in which SHA-512 is tightly coupled as the hash function.

https://github.com/ZcashFoundation/frost/blob/frost-ristretto255/v2.1.0/frost-ristretto255/src/lib.rs#L129

However, the Schnorr signature does not specify the hash function, as long as it satisfies collision resistance.

Proposal

By making a trait like SchnorrHash,

pub trait SchnorrHash {
  fn hash_to_array(inputs: &[&[u8]]) -> [u8; 64];
}

pub struct Sha512;

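impl SchnorrHash for Sha512 {
  fn hash_to_array(inputs: &[&[u8]]) -> [u8; 64] {
    todo!() // TODO: feed each input to SHA-512 and return the digest
  }
}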

and making the struct generic, like Ristretto255<H: SchnorrHash>, where currently only Ristretto255Sha512 is provided (https://github.com/ZcashFoundation/frost/blob/frost-ristretto255/v2.1.0/frost-ristretto255/src/lib.rs#L150),

users can choose the hash function of the Schnorr signature.

Ristretto255Sha512 can be an alias of Ristretto255<Sha512>, which preserves compatibility.

Motivation

By using a ZK-friendly hash function like Poseidon, a ZK-friendly signature can be generated by FROST(Ristretto, Poseidon).

kimurayu45z avatar Apr 20 '25 23:04 kimurayu45z

Thank you for the suggestion.

FROST ciphersuites are defined as curve+hash pairs, so currently my suggestion is to simply create a new ciphersuite based on frost-ristretto255 (by copying the code) and replacing the hash function. frost-core works with any ciphersuite that implements the Ciphersuite trait, which could be your own implementation.

That being said, we'll study the possibility of specifying the hash function separately.

conradoplg avatar Apr 23 '25 21:04 conradoplg
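A sketch of the generic-hash design proposed in this issue, added here as an example; it is not code from the frost repository or from either participant. It shows why the suite's context string has to name the hash, so that two hash choices over the same curve stay domain-separated. Assumptions: the `NAME` constant, `HashA`/`HashB`, `stand_in` and `challenge_bytes` are hypothetical, and the hash is a non-cryptographic std-only placeholder.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;
use std::marker::PhantomData;

/// Trait from the proposal; NAME is a hypothetical addition for domain separation.
pub trait SchnorrHash {
    const NAME: &'static str;
    fn hash_to_array(inputs: &[&[u8]]) -> [u8; 64];
}

/// NOT cryptographic: std-only placeholder; a real impl would wrap SHA-512 or Poseidon.
fn stand_in(seed: u8, inputs: &[&[u8]]) -> [u8; 64] {
    let mut out = [0u8; 64];
    for (i, chunk) in out.chunks_mut(8).enumerate() {
        let mut h = DefaultHasher::new();
        h.write(&[seed, i as u8]);
        for input in inputs { h.write(input); }
        chunk.copy_from_slice(&h.finish().to_le_bytes());
    }
    out
}

pub struct HashA; // constructed placeholder hash
pub struct HashB; // second placeholder, to show that suites diverge
impl SchnorrHash for HashA {
    const NAME: &'static str = "HASH-A";
    fn hash_to_array(inputs: &[&[u8]]) -> [u8; 64] { stand_in(1, inputs) }
}
impl SchnorrHash for HashB {
    const NAME: &'static str = "HASH-B";
    fn hash_to_array(inputs: &[&[u8]]) -> [u8; 64] { stand_in(2, inputs) }
}

/// Ciphersuite marker generic over the hash, as in the proposal.
pub struct Ristretto255<H: SchnorrHash>(PhantomData<H>);
pub type Ristretto255HashA = Ristretto255<HashA>; // alias keeps a fixed-suite name

impl<H: SchnorrHash> Ristretto255<H> {
    /// The context string names the hash, following RFC 9591's naming pattern.
    pub fn context_string() -> String { format!("FROST-RISTRETTO255-{}-v1", H::NAME) }
    /// Challenge-hash input layout: context string, "chal" tag, message.
    pub fn challenge_bytes(msg: &[u8]) -> [u8; 64] {
        let ctx = Self::context_string();
        H::hash_to_array(&[ctx.as_bytes(), b"chal", msg])
    }
}

fn main() {
    println!("{}", Ristretto255HashA::context_string());
}
```

A real suite would still reduce the 64-byte output to a Ristretto255 scalar and implement frost-core's Ciphersuite trait; those parts are omitted here.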