curve25519-dalek
Can I implement an accumulator with this library?
As the title says. I'm looking for ways of replacing a Merkle-tree with something more efficient. But I'm a software developer, not a cryptographer, so it is kinda hard for me.
If it can do an accumulator, what would the simplest implementation look like?
From what I'm reading online, it looks like code like this should do the trick:
```rust
use curve25519_dalek::{constants as c, scalar as s};

fn main() {
    // Start from the basepoint and fold each value in by scalar multiplication.
    let mut accumulator = c::ED25519_BASEPOINT_POINT;
    let val_1 = s::Scalar::from_bits([1u8; 32]);
    accumulator *= &val_1;
    let val_2 = s::Scalar::from_bits([2u8; 32]);
    accumulator *= &val_2;
    let val_3 = s::Scalar::from_bits([3u8; 32]);
    accumulator *= &val_3;
    // A witness is the accumulator with one value divided back out.
    let witness_1 = accumulator * val_1.invert();
    let witness_2 = accumulator * val_2.invert();
    let witness_3 = accumulator * val_3.invert();
    // Membership check: witness * value must reproduce the accumulator.
    assert_eq!(accumulator, witness_1 * val_1, "Doesn't contain the first value");
    assert_eq!(accumulator, witness_2 * val_2, "Doesn't contain the second value");
    assert_eq!(accumulator, witness_3 * val_3, "Doesn't contain the third value");
    // Removing every value returns the accumulator to the basepoint.
    accumulator *= val_1.invert();
    accumulator *= val_2.invert();
    accumulator *= val_3.invert();
    assert_eq!(accumulator, c::ED25519_BASEPOINT_POINT);
}
```
I understand that this accumulator doesn't contain any authentication - it can be applied later by a separate procedure.
This is not an accumulator in the cryptographic sense, no, nor is it possible to build one using elliptic curves without a pairing function, and Curve25519 is not pairing-friendly. Your math here is correct, it just doesn’t line up with any of the properties which make cryptographic accumulators useful for e.g. zero-knowledge proofs. I’d recommend watching this video and reading the accompanying article on accumulators.
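One property the construction in the question lacks is witness soundness: the group order is public, so anyone can invert any non-zero scalar and produce a passing witness for a value that was never added. The sketch below is an added example, not code from the issue or from curve25519-dalek; it swaps in a toy prime-order subgroup of Z_p^* so that it runs with the standard library only. The constants `P`, `Q`, `G` and all function names are constructed for the illustration, with `mul` standing in for `point * scalar`.

```rust
// Toy stand-in for a prime-order curve group (constructed constants):
// P = 2Q + 1 with Q prime, and G = 4 generates the subgroup of order Q.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

/// Square-and-multiply: base^exp mod modulus.
fn pow_mod(mut base: u64, mut exp: u64, modulus: u64) -> u64 {
    let mut acc = 1;
    base %= modulus;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % modulus;
        }
        base = base * base % modulus;
        exp >>= 1;
    }
    acc
}

/// The question's `point * scalar`, written multiplicatively.
fn mul(point: u64, scalar: u64) -> u64 { pow_mod(point, scalar % Q, P) }

/// Scalar inverse modulo the public group order (Fermat, Q is prime).
fn invert(scalar: u64) -> u64 { pow_mod(scalar, Q - 2, Q) }

/// Fold every member into the base element, as the question does.
fn accumulate(members: &[u64]) -> u64 {
    members.iter().fold(G, |acc, &m| mul(acc, m))
}

/// The question's witness construction; it never consults the member set.
fn witness(accumulator: u64, value: u64) -> u64 { mul(accumulator, invert(value)) }

/// The question's membership check.
fn verify(accumulator: u64, wit: u64, value: u64) -> bool { mul(wit, value) == accumulator }

fn main() {
    let acc = accumulate(&[11, 22, 33]);
    // A genuine member verifies.
    assert!(verify(acc, witness(acc, 22), 22));
    // 777 was never added, yet the same public computation yields a passing witness.
    assert!(verify(acc, witness(acc, 777), 777));
    println!("non-member 777 verifies: {}", verify(acc, witness(acc, 777), 777));
}
```

The check therefore accepts every non-zero value, so it carries no information about which values were accumulated.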