fix(sponge): update implementation to comply with new specification (#39)

nougzarm · web-flow · commit 182e30b88fea · 2025-06-16T12:07:01.000+02:00
diff --git a/src/duplex_sponge/keccak.rs b/src/duplex_sponge/keccak.rs
@@ -20,15 +20,19 @@ pub struct KeccakPermutationState {
 
 impl Default for KeccakPermutationState {
     fn default() -> Self {
-        Self::new()
+        Self::new([0u8; 32])
     }
 }
 
 impl KeccakPermutationState {
-    pub fn new() -> Self {
+    pub fn new(iv: [u8; 32]) -> Self {
+        let rate = 136;
+        let mut state = [0u8; N];
+        state[rate..rate + 32].copy_from_slice(&iv);
+
         KeccakPermutationState {
-            state: [0u8; 200],
-            rate: 136,
+            state,
+            rate,
             capacity: 64,
         }
     }
@@ -70,15 +74,16 @@ pub struct KeccakDuplexSponge {
 impl KeccakDuplexSponge {
     pub fn new(iv: &[u8]) -> Self {
         assert_eq!(iv.len(), 32);
-        let state = KeccakPermutationState::new();
+
+        let state = KeccakPermutationState::new(iv.try_into().unwrap());
         let rate = R;
         let capacity = N - R;
         KeccakDuplexSponge {
             state,
             rate,
             capacity,
             absorb_index: 0,
-            squeeze_index: 0,
+            squeeze_index: rate,
         }
     }
 }
@@ -92,16 +97,14 @@ impl DuplexSpongeInterface for KeccakDuplexSponge {
         self.squeeze_index = self.rate;
 
         while !input.is_empty() {
-            if self.absorb_index == self.rate {
+            if self.absorb_index < self.rate {
+                self.state.state[self.absorb_index] = input[0];
+                self.absorb_index += 1;
+                input = &input[1..];
+            } else {
                 self.state.permute();
                 self.absorb_index = 0;
             }
-
-            let chunk_size = usize::min(self.rate - self.absorb_index, input.len());
-            let dest = &mut self.state.state[self.absorb_index..self.absorb_index + chunk_size];
-            dest.copy_from_slice(&input[..chunk_size]);
-            self.absorb_index += chunk_size;
-            input = &input[chunk_size..];
         }
     }
 
@@ -116,11 +119,11 @@ impl DuplexSpongeInterface for KeccakDuplexSponge {
             }
 
             let chunk_size = usize::min(self.rate - self.squeeze_index, length);
-            self.squeeze_index += chunk_size;
-            length -= chunk_size;
             output.extend_from_slice(
                 &self.state.state[self.squeeze_index..self.squeeze_index + chunk_size],
             );
+            self.squeeze_index += chunk_size;
+            length -= chunk_size;
         }
 
         output
diff --git a/src/tests/composition.rs b/src/tests/composition.rs
@@ -27,7 +27,7 @@ fn composition_proof_correct() {
     let domain_sep = b"hello world";
 
     // definitions of the underlying protocols
-    let (morph1, witness1) = dleq(<G as Group>::Scalar::random(&mut rng), G::random(&mut rng));
+    let (morph1, witness1) = dleq(G::random(&mut rng), <G as Group>::Scalar::random(&mut rng));
     let (morph2, _) = pedersen_commitment(
         G::random(&mut rng),
         <G as Group>::Scalar::random(&mut rng),
diff --git a/src/tests/relations.rs b/src/tests/relations.rs
@@ -20,7 +20,7 @@ fn test_discrete_logarithm() {
 #[test]
 fn test_dleq() {
     let mut rng = OsRng;
-    dleq(Scalar::random(&mut rng), G::random(&mut rng));
+    dleq(G::random(&mut rng), Scalar::random(&mut rng));
 }
 
 #[test]
@@ -100,7 +100,7 @@ fn noninteractive_discrete_logarithm() {
 #[test]
 fn noninteractive_dleq() {
     let mut rng = OsRng;
-    let (morphismp, witness) = dleq(Scalar::random(&mut rng), G::random(&mut rng));
+    let (morphismp, witness) = dleq(G::random(&mut rng), Scalar::random(&mut rng));
 
     // The SigmaProtocol induced by morphismp
     let protocol = SchnorrProof::from(morphismp);
diff --git a/src/tests/spec/allVectors.json b/src/tests/spec/allVectors.json
@@ -1,28 +1,27 @@
 {
   "discrete_logarithm": {
     "Context": "79656c6c6f77207375626d6172696e6579656c6c6f77207375626d6172696e65",
-    "Proof": "80c96c2822d816de609d4b72dd0b2a9409a3402338c977467225e7f506a60f3153a7f447450d7336c0ef15e4151349d91495306d216d5fe2ff3e660bcaf227c4794cb0e0887f5bcff6d4a6189cf9a494",
+    "Proof": "80c96c2822d816de609d4b72dd0b2a9409a3402338c977467225e7f506a60f3153a7f447450d7336c0ef15e4151349d95aab19ad1899c809b16226a60fa8abc9532bbf779d112bc4c0c4a6d2f5a95b23",
     "Statement": "TODO"
   },
   "dleq": {
     "Context": "79656c6c6f77207375626d6172696e6579656c6c6f77207375626d6172696e65",
-    "Proof": "a01abd54895b7df2d476b2371e1796278a114f7dd1514e05cc1c0c07d40957268684c8887aa3f8cee33856ca325412f5a4fffa7226a983c8fcd9bb59dbb7a72e5c4eacd80958c3685d7abaa477ba6d738b35998ea1d0089166d17ea0a206d2991bf0b87f1f5c977f93fdccf9ec820d989656662f146460d48e56bfc2f6482285",
+    "Proof": "a01abd54895b7df2d476b2371e1796278a114f7dd1514e05cc1c0c07d40957268684c8887aa3f8cee33856ca325412f5859a8bb9d31747dafffcfe70acd32bcb30b45db8333cd157f561039e654e2f8314ee648604afdb4c2a4c30ae9649119259a2f6ced2950f9865565a385e99055cd11368efbb2f550f1f75a4ae80f207cd",
     "Statement": "TODO"
   },
   "pedersen_commitment": {
     "Context": "79656c6c6f77207375626d6172696e6579656c6c6f77207375626d6172696e65",
-    "Proof": "91c620e60e68502ab1e0f0fa6b9f7e3225f678596da80c0e950e4149078562518ad37ed6177c71ebd6e2ca5fc32457d8228aa82bf0293a2d70def71e0e1f434af472458907c4827b694987a903126dd050b3ed6234dcd4d176f05582d3dab5515f790c5cdc927972d631a2ddceb53edb",
+    "Proof": "91c620e60e68502ab1e0f0fa6b9f7e3225f678596da80c0e950e4149078562518ad37ed6177c71ebd6e2ca5fc32457d80b4264ea8a92bec6bbd5624af41159e00f6c65a81a25e4f148b174c3fd4f7caa163bd697e16ad7885f148b018b18dc32f68a23028d68c18140c0b71e06c6d43b",
     "Statement": "TODO"
   },
   "pedersen_commitment_dleq": {
     "Context": "79656c6c6f77207375626d6172696e6579656c6c6f77207375626d6172696e65",
-    "Proof": "8e670749a002c02e0b343a47c0194743d9164d5026ddec0a9572a742748305f83b2fc679858f2f97debd72a08ec59dc38e5d6c8cc6cb284f4012d4eb41a807d1463ad0d8976f78baff1da1fdf2ad39027e8c66e0625b15740a72fc9e866f1d1014a32947fd44c55553eb2c13d21d639640b5d070987d8befea62367b235278d80a313d50f72e5c70de5fc1db95e042b3723344136144cc71c5515c5aa03d95d1",
+    "Proof": "8e670749a002c02e0b343a47c0194743d9164d5026ddec0a9572a742748305f83b2fc679858f2f97debd72a08ec59dc38e5d6c8cc6cb284f4012d4eb41a807d1463ad0d8976f78baff1da1fdf2ad39027e8c66e0625b15740a72fc9e866f1d106eb5822a300f6365cbc7809e81cf2c3576c10a286a14bf1107881684beba788c3cd7575ff3afaa135fb1b549621acdf7c9fe8602401dfc25d4fde441f2b17c2e",
     "Statement": "TODO"
   },
   "bbs_blind_commitment_computation": {
     "Context": "79656c6c6f77207375626d6172696e6579656c6c6f77207375626d6172696e65",
-    "Proof": "803d5d4fdb311967832758ae7402d03304b570f97c0756e5385a50622d0ac7b5de87fe14d15041b1564ba4893a1187304ed12592b9ca9c5ca92a87c3960f0bcae541ddf880271c361cca15c67e13bc504cf96235363e99bb3e126b111c220c77427873389d2397cf0798d251ec82ced1649b5d0e9b2f95410a68b5b66158e50832488e540853a8c79a17d8b8290266ec150af102dd9ca4a6f076399da893b1f2caa78d192590708c02ab561eb3a01aa1",
-
+    "Proof": "803d5d4fdb311967832758ae7402d03304b570f97c0756e5385a50622d0ac7b5de87fe14d15041b1564ba4893a11873043bb167cd1e1a68828e788be7ff518768d9c225d59785d6a9db3cabe9aaedf214fce23f4ec1665481b35bfd4b0d586058170e2ca22185242535ec49b173da9f12d00fa7e4a22440d1bf7cd04da48b0aca6b035a3be434cc2184036191ae61d535404fda6bed2505adb6eba56a8b8f456fe948de0a5531376fc7e726198e8be8d",
     "Statement": "TODO"
   }
 }
diff --git a/src/tests/spec/test_vectors.rs b/src/tests/spec/test_vectors.rs
@@ -46,7 +46,7 @@ macro_rules! generate_ni_function {
 }
 
 generate_ni_function!(NI_discrete_logarithm, discrete_logarithm, srandom);
-generate_ni_function!(NI_dleq, dleq, srandom, prandom);
+generate_ni_function!(NI_dleq, dleq, prandom, srandom);
 generate_ni_function!(
     NI_pedersen_commitment,
     pedersen_commitment,
diff --git a/src/tests/test_utils.rs b/src/tests/test_utils.rs
@@ -27,7 +27,7 @@ pub fn discrete_logarithm<G: Group + GroupEncoding>(
 
 /// LinearMap for knowledge of a discrete logarithm equality between two pairs.
 #[allow(non_snake_case)]
-pub fn dleq<G: Group + GroupEncoding>(x: G::Scalar, H: G) -> (LinearRelation<G>, Vec<G::Scalar>) {
+pub fn dleq<G: Group + GroupEncoding>(H: G, x: G::Scalar) -> (LinearRelation<G>, Vec<G::Scalar>) {
     let mut morphismp: LinearRelation<G> = LinearRelation::new();
 
     let var_x = morphismp.allocate_scalar();

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ macro_rules! generate_ni_function {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`generate_ni_function!(NI_discrete_logarithm, discrete_logarithm, srandom);`
`49`		`-generate_ni_function!(NI_dleq, dleq, srandom, prandom);`
	`49`	`+generate_ni_function!(NI_dleq, dleq, prandom, srandom);`
`50`	`50`	`generate_ni_function!(`
`51`	`51`	`NI_pedersen_commitment,`
`52`	`52`	`pedersen_commitment,`