Jeff Burdges

See https://github.com/w3f/ring-vrf/commit/b87e3a12e4a592abd2438f701c2953798dd4c625#diff-b956979688cec9dec3a8d6eeb4ccd2a129e0d48803110ee9def443aec17d72d7R105

I simply meant copy "more of" std::error from std into ark-std, specifically the `::downcast` part. I'll make @achimcc submit a PR for it if our auditors think error passing matters...

I've wondered about the RNS/CRT approach before, but never really pushed the mathematics. I'd always assumed you'd need at least four primes to do the reduction step in https://cr.yp.to/antiforgery/meecrt-20060914-ams.pdf likely...

Why? As I understand it, it should never matter if it's in i1 or i2 position. There are tricks to introduce an i3 and maybe an i4, but not sure...

Interesting, I see why you want this annotation of i1 or i2 now. Another options might be to dynamically increase the bucket width b? You'd still need a copy though...

Appears Bin Fan's tweak is not necessarily optimal as described above. We have i1 = hash(x) % N initially. As i1 values do not change, this formula remains true after...

Appears all these schemes should impact the false positive rate similarly. It's simply that, if a false positive would happen in the original filter, then it must happen in the...

I'm curious: What doers this do?

At minimum, we could've seperate constant time curve crates where external crates already supply them, so maybe wrappers over cruve25519-dalek and bls12_381.

I'd suggest you look at https://github.com/paritytech/arkworks-extensions and the work being done for sassafras, like https://github.com/w3f/ring-vrf/blob/master/bandersnatch_vrfs/src/lib.rs#L18-L28 We've not released those host calls in polkadot yet, but they'll happen eventually, and you...