[frontend] Add message tweaking function

[paulcadman]

This PR adds a Keccak256 tweak circuit that will be used to hash the messagfe in the hash-based signature scheme.

[paulcadman]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• [frontend] Add hash-based signature aggregation example #881
• [frontend] Add xmss multi-signature aggregation #880
• [frontend] Add xmss verifier #814
• [frontend] Add public key hash tweak #879
• [frontend] Add merkle tree verifier #813
• [frontend] Add tweak for Merkle tree hashes #812
• [frontend] Add Winternitz OTS verifier #811
• [frontend] Add message tweaking function #820 👈 (View in Graphite)
• [frontend] Add hash chain verification #808 : 2 other dependent PRs (#809 , #810 )
• [frontend] Make hash tweaking into a function #819
• main

---

How to use the Graphite Merge Queue

Add the label merge-ready to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[jadnohra]

These requests are debatable, happy to discuss.

Function Names

• verify_chain_tweak() → compute_chain_hash()
• verify_message_tweak() → compute_message_hash()
• verify_chain() → verify_hash_chain()
• verify_tweaked_keccak() → compute_tweaked_hash()

Issue: "verify" prefix misleading - these build hash circuits, don't verify signatures

Variable Names

• coordinate → starting_position (clearer semantics)
• signature_chunk → signature_hash (it's a hash, not a chunk)
• param → domain_param (more specific)
• end_hash → public_key_element (describes role)

Module Structure

Current:
hash_based_sig/
├── chain.rs
└── tweak/chain.rs // name collision

Suggested:
hash_based_sig/
├── chain_verification.rs
└── hashing/
├── chain.rs
└── message.rs

[paulcadman]

I've made the changes to the module structure and variable names that you suggested. For function names, I've changed to using the convention of adding a circuit_ prefix to functions that build a circuit.

[graphite-app]

Merge activity

• Sep 1, 3:16 PM UTC: paulcadman added this pull request to the Graphite merge queue.
• Sep 1, 3:16 PM UTC: CI is running for this pull request on a draft pull request (#897) due to your merge queue CI optimization settings.
• Sep 1, 3:22 PM UTC: Merged by the Graphite merge queue via draft PR: #897.