Giulio

In their [FAQ](https://mimc.iaik.tugraz.at/pages/faq.php) the MiMC authors comment against using a Miyaguchi-Preneel structure and add that if going that route they would recommend increasing the number of rounds. The number of...

👍 I think the easiest thing is to simply adjust the lsig teal max program size to 4k which is more in line with the other limits of the AVM....

> I do not think this is a good idea, since it makes it easy to bloat transaction sizes. This is already a vector to annoy the network. Thankfully nobody...

I'd be happy too if we can have the total number of lsig bytes in a group as 1000*numTxnsInGroup. It achieves the same end result as one big lsig in...

I've created a [PR](https://github.com/algorand/go-algorand/pull/6057) to implement pooling across a transaction group as suggested

That is of course a very good question, and here are my views. Also let me say that I am not a cryptographer but an "applied" guy so happy to...

> Seems that MiMC is still a very recent hash function, not part of `libsodium`. Do you know if it has been proven secure under traditional assumptions and it is...

I wrote the tests separately in https://github.com/giuliop/test-mimc-opcodes not knowing how the test system worked in go-algorand but it looks straightforward and will add them. mimc does not use points in...

Your concerns are well founded in the context of a normal hash function and what is different here is that we are mirroring the way mimc has to work in...

> I've submitted this. I don't know what they'll say, because I don't know the state of standardization of mimc hashing. [Consensys/gnark-crypto#504](https://github.com/Consensys/gnark-crypto/issues/504) I saw their reply, they are between a...