taiga
taiga copied to clipboard
A framework for generalized shielded state transitions
Chris's provided links: [Lower-Cost epsilon-Private Information Retrieval](https://arxiv.org/abs/1604.00223v1) https://cs.uwaterloo.ca/~iang/research.html#pir http://percy.sourceforge.net/ http://homepages.cs.ncl.ac.uk/changyu.dong/papers/pir.pdf
hash_to_curve is available in Halo 2. Though, it computes a hash_to_field using Blake2. Currently, we haven't got the blake2 circuit so we plan to replace Blake2 with Sha256, and then...
In the current design, the VP description is the verifier key of the circuit. In this context, it is possible to generate two different circuits with the same VP description....
For first iteration, we want to use a separate circuit for VP privacy. In the long run, this may take a different approach with Accumulation. This requires: - [ ]...
Using Poseidon with `bls12_377::ScalarField` is not very efficient because we are restricted to `α=11`. In the case of `bls12_381::ScalarField`, we have `α=5` (but we cannot have a 2-layer with this...
Our transactions are substantially more complex than Zcash transactions. Tx building: - [x] Proving all Transfers - [x] Proving all VPBlinds - [x] Proving all VPs - [ ] Tx...
- [x] Add `asset_type` field to Note - [x] Add `token_vp` public input to the circuit with verification against `asset_type` - [x] Add `data` field to Note (for NFTs, etc)...
- [x] merge the integrity check circuit(spend note, output note, merkle tree, nullifier) - [ ] VP integrity commitment(need blake2) - [ ] blake2 and its circuit