[frontend] Make hash tweaking into a function #819
Closed
paulcadman wants to merge 2 commits into main from
jadnohra approved these changes Aug 29, 2025
Merge activity
graphite-app bot pushed a commit that referenced this pull request, Sep 1, 2025:
This PR changes the ChainTweak circuit from a struct:
```rust
pub struct ChainTweak {
    ... inout wires to be populated ...
}
impl ChainTweak {
    fn new(builder: &CircuitBuilder, params) -> Self {
        ... build circuit ...
    }
}
```
To a function:
```rust
pub fn verify_chain_tweak(builder: &CircuitBuilder, params, ... inout wires ..., ) -> Keccak {
    ... build circuit ...
}
```
The `populate_*` functions are also removed; the caller is responsible for populating the wires.
The function returns a Keccak verifier that must be populated with the expected digest and message.
A base `verify_tweaked_keccak` is also factored out which handles all tweaks of the form `Keccak256(param || tweak || additional)`; this circuit will be used as a common function by all the tweaking circuits we need for hash-based signatures.
### Note
Ideally the message wires would be passed in as an argument to the function, but there’s added complexity with this approach. The Keccak circuit contains a padded version of the message. This would have to be constructed and passed into the `verify_chain_tweak` function separately. So in this case it is arguable that it’s simpler to reuse the Keccak struct.
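As an added example (not code from this PR or the project), here is the native side of the refactor: the `Keccak256(param || tweak || additional)` computation that `verify_tweaked_keccak` checks in-circuit, producing the message and expected digest the caller must now populate into the Keccak verifier returned by `verify_chain_tweak`. The chain-tweak encoding (domain byte, chain index, position) and all names other than the two from the PR are assumptions; Keccak-256 is implemented inline so the example runs without crates, and the padded buffer it builds is the "padded version of the message" the note above refers to.

```rust
// Standard Keccak-f[1600] tables: round constants, rho rotation offsets, pi lane order.
const RC: [u64; 24] = [0x1, 0x8082, 0x800000000000808a, 0x8000000080008000, 0x808b, 0x80000001,
    0x8000000080008081, 0x8000000000008009, 0x8a, 0x88, 0x80008009, 0x8000000a, 0x8000808b,
    0x800000000000008b, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
    0x800a, 0x800000008000000a, 0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008];
const ROT: [u32; 24] = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44];
const PI: [usize; 24] = [10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1];
/// Keccak-f[1600]: 24 rounds of theta, rho+pi, chi, iota over the 5x5 lane state.
fn keccak_f(st: &mut [u64; 25]) {
    for &rc in RC.iter() {
        let mut c = [0u64; 5];
        for x in 0..5 { c[x] = st[x] ^ st[x + 5] ^ st[x + 10] ^ st[x + 15] ^ st[x + 20]; }
        for x in 0..5 {
            let d = c[(x + 4) % 5] ^ c[(x + 1) % 5].rotate_left(1);
            for y in 0..5 { st[x + 5 * y] ^= d; }
        }
        let mut t = st[1];
        for i in 0..24 { let j = PI[i]; let tmp = st[j]; st[j] = t.rotate_left(ROT[i]); t = tmp; }
        for y in 0..5 {
            let row = [st[5 * y], st[5 * y + 1], st[5 * y + 2], st[5 * y + 3], st[5 * y + 4]];
            for x in 0..5 { st[5 * y + x] ^= !row[(x + 1) % 5] & row[(x + 2) % 5]; }
        }
        st[0] ^= rc;
    }
}

/// Keccak-256 (pad10*1 with 0x01/0x80, 136-byte rate): `buf` is the padded message the Keccak circuit holds.
pub fn keccak256(msg: &[u8]) -> [u8; 32] {
    let mut buf = [msg, &[0x01u8][..]].concat();
    buf.resize((buf.len() + 135) / 136 * 136, 0);
    *buf.last_mut().unwrap() |= 0x80;
    let (mut st, mut out) = ([0u64; 25], [0u8; 32]);
    for block in buf.chunks(136) {
        for (i, w) in block.chunks(8).enumerate() { st[i] ^= w.iter().rev().fold(0u64, |a, &b| a << 8 | b as u64); }
        keccak_f(&mut st);
    }
    for i in 0..4 { out[8 * i..8 * i + 8].copy_from_slice(&st[i].to_le_bytes()); }
    out
}
/// Native counterpart of `verify_tweaked_keccak`: the (message, digest) pair the caller populates into the verifier.
pub fn tweaked_keccak(param: &[u8], tweak: &[u8], additional: &[u8]) -> (Vec<u8>, [u8; 32]) {
    let msg = [param, tweak, additional].concat();
    let digest = keccak256(&msg);
    (msg, digest)
}
/// Chain tweak with an assumed encoding (domain byte || chain index || position), not the project's real layout.
pub fn chain_tweak(param: &[u8], chain: u32, pos: u32, prev: &[u8]) -> (Vec<u8>, [u8; 32]) {
    let tweak = [&[0u8][..], &chain.to_be_bytes()[..], &pos.to_be_bytes()[..]].concat();
    tweaked_keccak(param, &tweak, prev)
}
```

Because the tweak is hashed in front of the chain value, the same value at two different chain positions yields unrelated digests, which is the domain separation the tweaking circuits are there to enforce.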
lockedloop pushed a commit that referenced this pull request, Sep 8, 2025