Is your feature request related to a problem? Please describe.
- gnark-crypto's off-chain EdDSA uses
hash.Hash (bytes), while gnark's in-circuit EdDSA uses hash.FieldHasher (field elements). Even with the same Poseidon2 permutation, these produce different hash values - making it impossible to sign off-chain and verify in-circuit using standard library functions.
Describe the solution you'd like
Add to bn254 EdDSA:
FieldHasher interface (Write(...fr.Element), Sum() fr.Element, Reset()) matching gnark's in-circuit std/hash.FieldHasherSignField(msg fr.Element, hFunc FieldHasher) / VerifyField(sigBin []byte, msg fr.Element, hFunc FieldHasher)- same EdDSA logic as existing Sign/Verify, but hashing field elements directly: H(R.X, R.Y, A.X, A.Y, msg)- Poseidon2 sponge
FieldHasher implementation using existing HorizenLabs BN254 constants
Describe alternatives you've considered
- Each project implements custom Sign/Verify
Additional context
- Non-breaking: existing Sign/Verify untouched. BN254-only.
Is your feature request related to a problem? Please describe.
hash.Hash(bytes), while gnark's in-circuit EdDSA useshash.FieldHasher(field elements). Even with the same Poseidon2 permutation, these produce different hash values - making it impossible to sign off-chain and verify in-circuit using standard library functions.Describe the solution you'd like
Add to bn254 EdDSA:
FieldHasherinterface (Write(...fr.Element),Sum() fr.Element,Reset()) matching gnark's in-circuitstd/hash.FieldHasherSignField(msg fr.Element, hFunc FieldHasher)/VerifyField(sigBin []byte, msg fr.Element, hFunc FieldHasher)- same EdDSA logic as existing Sign/Verify, but hashing field elements directly:H(R.X, R.Y, A.X, A.Y, msg)FieldHasherimplementation using existing HorizenLabs BN254 constantsDescribe alternatives you've considered
Additional context