halo2 icon indicating copy to clipboard operation
halo2 copied to clipboard

Published 20 hours ago verified publisher icon privacy-scaling-explorations

Transcript with Poseidon hasher

Open kilic opened this issue 2 years ago • 2 comments

This PR adds a new transcript with poseidon hasher. It also moves blake2b transcript to ::transcript::blake2b and the new one is implemented at ::transcript::poseidon. Poseidon transcript depends on appliedzkp/poseidon.

In poseidon transcript prefix contribution is avoided in order to save some space in the circuit implementation. I'm not really sure if this change would introduce some security issues. Because of that status of the PR remains as draft.

And the other alteration is that with LimbRepresentation strategy points are added to the state as (limbs_of_x, sign_of_y) to reduce cost of adding more limbs of the y coordinate. Basically it should be similar with the compressed form of the point.

NativeRepresentation strategy assumes that there are no two points P_0 = (x_0, y_0) and P_1 = (x_1, y_1) where (x_0 == x_1) % scalar_field_modulus and (y_0 == y_1) % scalar_field_modulus. This approach basically reduces contribution of a coordinate to a single element which would be great improvement for circuit side. However assumption might be wrong and should not be used until it's proven.

(Comments are updated @therealyingtong)

kilic avatar Mar 31 '22 15:03 kilic

Regarding NativeRepresentation issue @xgaozoyoe provided a research material.

kilic avatar Apr 08 '22 10:04 kilic

This has been stale for a while now, can we close? @kilic

davidnevadoc avatar May 13 '24 17:05 davidnevadoc