WizardOfMenlo left a comment:
I have left a bunch of comments.
src/crypto/fs/blake3.rs
| @@ -0,0 +1,46 @@ | |||
| use ark_crypto_primitives::sponge::{Absorb, CryptographicSponge}; | |||
| } | ||
|
|
||
| fn prove(&self, witness: &W) -> Self::Proof { | ||
| let challenges = witness.challenges(self.config.num_challenges); |
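Review bot: `witness.challenges(self.config.num_challenges)` has the prover derive its query challenges from the witness, which is a soundness hole in a Fiat-Shamir-style prover: anything computed from data only the prover holds can be chosen adversarially, and the verifier has no way to recompute it. Derive the challenges by squeezing the sponge after the commitment has been absorbed, and drop the `challenges` method from the witness trait so the witness type cannot be asked for them; `num_challenges` then only decides how many squeezes happen.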
I think this should not go through witness; the witness should not be in charge of generating challenges.
Sure, I didn't even use it in STIR so I don't think there's any need to keep it.
| { | ||
| challenge_answers: MultiPath<M>, | ||
| committed_values: Vec<Vec<F>>, | ||
| merkle_leaf_hash_param: LeafParam<M>, |
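Review bot: `merkle_leaf_hash_param: LeafParam<M>` puts a hash parameter inside the proof, so whatever the prover serialises becomes the parameter that the verification of `challenge_answers` runs with; the verifier must take the leaf and two-to-one hash parameters from its own config, never from the proof. Remove the parameter fields from the proof struct (keep the type parameter through `PhantomData<M>` if nothing else pins it down) and have the verifier pass its configured parameters into the `MultiPath` verification.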
I think these params should not be in the proof, we should have it as PhantomData.
How would you verify if they're not in the proof? MultiProof().verify() takes these as arguments
The verifier will have them in its own config no? So it can pass them to this.
It doesn't bother me here and I think it would be weird to "pass it in" as an argument to the proof.verify(..., merkle_params): https://github.com/arkworks-rs/ldt/blob/z-tech/STIR/src/direct/proof.rs#L65, but if we delete proof.verify() entirely and move it onto the DirectProver implementation that seems fine to me
@Pratyush @WizardOfMenlo Recapping an offline discussion: there's an open question about whether we want to include blake3 as a Merkle tree in crypto-primitives. See this file: https://github.com/WizardOfMenlo/stir/blob/main/src/crypto/merkle_tree/blake3.rs I'm resolving all other comments related to this for now.
| witness_coeff: DensePolynomial<F>, | ||
| ) -> Self { | ||
| let mut sponge = S::new(&config.sponge_config); | ||
| sponge.absorb(&commitment.root()); |
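Review bot: in the lines shown, the sponge is seeded from `config.sponge_config` and only `commitment.root()` is absorbed, so nothing in the transcript pins down the rest of the configuration (such as `num_challenges` or the evaluation domain) or identifies the protocol; the same root would yield the same challenges under different parameters. Absorb a protocol label and the public parameters (or a hash of the config) before the root, and make sure the verifier absorbs exactly the same sequence; moving to an IOPattern as discussed below gives that binding by construction.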
@mmaker This is my first time looking at Nimue. The pattern I have here is absorb/squeeze using this sponge. It looks very similar to this example in the Nimue docs: https://docs.rs/nimue/latest/nimue/#protocol-transcripts
Basically, if I swap the sponge in this struct for IOPattern::<H>::new and use it the same way, does this fix or improve some issue that I'm unaware of?
hey, yes pretty much!
The prover will be a Merlin instance, which can be generated from iopattern.into_merlin(). You can either have a mutable reference to it or just store the iopattern inside the config.
Note that if you have a similar struct for the verifier you'd have instead to use Arthur, which can be generated from (bytes of) the proof and the iopattern, but will keep a reference to the proof.
What does this PR do?
What does this PR not include?
Future plans (?):