sigma-rs · mmaker · Nov 22, 2025 · Nov 20, 2025 · Nov 22, 2025 · Nov 22, 2025
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -24,14 +24,14 @@ jobs:
     - name: Build
       run: cargo build --verbose
     - name: Run tests
-      run: cargo test --verbose
+      run: cargo test --verbose --no-fail-fast
     - name: Run benchmark test
       # Run the msm benchmark, just to ensure it isn't broken.
       run: cargo bench --bench msm -- --quick
 
   no-std-check:
     runs-on: ubuntu-latest
-    
+
     steps:
     - uses: actions/checkout@v3
     - name: Install Rust toolchain
@@ -76,4 +76,4 @@ jobs:
     - name: Build no_std (nightly)
       run: cargo +${{ matrix.toolchain }} build --no-default-features --verbose
     - name: Run tests (nightly)
-      run: cargo +${{ matrix.toolchain }} test --all-features --verbose
+      run: cargo +${{ matrix.toolchain }} test --all-features --verbose --no-fail-fast
diff --git a/src/codec.rs b/src/codec.rs
@@ -1,7 +1,7 @@
 //! Encoding and decoding utilities for Fiat-Shamir and group operations.
 
 use crate::duplex_sponge::DuplexSpongeInterface;
-pub use crate::duplex_sponge::{keccak::KeccakDuplexSponge, shake::ShakeDuplexSponge};
+use crate::duplex_sponge::{keccak::KeccakDuplexSponge, shake::ShakeDuplexSponge};
 use alloc::vec;
 use ff::PrimeField;
 use group::prime::PrimeGroup;
@@ -23,7 +23,11 @@ pub trait Codec {
     type Challenge;
 
     /// Generates an empty codec that can be identified by a domain separator.
-    fn new(protocol_identifier: &[u8], session_identifier: &[u8], instance_label: &[u8]) -> Self;
+    fn new(
+        protocol_identifier: &[u8; 64],
+        session_identifier: &[u8],
+        instance_label: &[u8],
+    ) -> Self;
 
     /// Allows for precomputed initialization of the codec with a specific IV.
     fn from_iv(iv: [u8; 64]) -> Self;
@@ -65,12 +69,11 @@ fn length_to_bytes(x: usize) -> [u8; WORD_SIZE] {
 /// This function computes a deterministic IV from the protocol identifier,
 /// session identifier, and instance label using the specified duplex sponge.
 pub fn compute_iv<H: DuplexSpongeInterface>(
-    protocol_id: &[u8],
+    protocol_id: &[u8; 64],
     session_id: &[u8],
     instance_label: &[u8],
 ) -> [u8; 64] {
     let mut tmp = H::new([0u8; 64]);
-    tmp.absorb(&length_to_bytes(protocol_id.len()));
     tmp.absorb(protocol_id);
     tmp.absorb(&length_to_bytes(session_id.len()));
     tmp.absorb(session_id);
@@ -86,9 +89,16 @@ where
 {
     type Challenge = G::Scalar;
 
-    fn new(protocol_id: &[u8], session_id: &[u8], instance_label: &[u8]) -> Self {
-        let iv = compute_iv::<H>(protocol_id, session_id, instance_label);
-        Self::from_iv(iv)
+    fn new(protocol_id: &[u8; 64], session_id: &[u8], instance_label: &[u8]) -> Self {
+        let mut hasher = H::new(*protocol_id);
+        hasher.absorb(&length_to_bytes(session_id.len()));
+        hasher.absorb(session_id);
+        hasher.absorb(&length_to_bytes(instance_label.len()));
+        hasher.absorb(instance_label);
+        Self {
+            hasher,
+            _marker: core::marker::PhantomData,
+        }
     }
 
     fn from_iv(iv: [u8; 64]) -> Self {

diff --git a/src/composition.rs b/src/composition.rs
@@ -556,7 +556,7 @@ impl<G: PrimeGroup + ConstantTimeEq + ConditionallySelectable> SigmaProtocol
         }
     }
 
-    fn protocol_identifier(&self) -> impl AsRef<[u8]> {
+    fn protocol_identifier(&self) -> [u8; 64] {
         let mut hasher = Sha3_256::new();
 
         match self {
@@ -569,19 +569,21 @@ impl<G: PrimeGroup + ConstantTimeEq + ConditionallySelectable> SigmaProtocol
                 let mut hasher = Sha3_256::new();
                 hasher.update([1u8; 32]);
                 for p in protocols {
-                    hasher.update(p.protocol_identifier());
+                    hasher.update(p.protocol_identifier().as_ref());
                 }
             }
             ComposedRelation::Or(protocols) => {
                 let mut hasher = Sha3_256::new();
                 hasher.update([2u8; 32]);
                 for p in protocols {
-                    hasher.update(p.protocol_identifier());
+                    hasher.update(p.protocol_identifier().as_ref());
                 }
             }
         }
 
-        hasher.finalize()
+        let mut protocol_id = [0u8; 64];
+        protocol_id[..32].clone_from_slice(&hasher.finalize());
+        protocol_id
     }
 
     fn serialize_response(&self, response: &Self::Response) -> Vec<u8> {

diff --git a/src/fiat_shamir.rs b/src/fiat_shamir.rs
@@ -68,7 +68,7 @@ where
     /// A new [`Nizk`] that can generate and verify non-interactive proofs.
     pub fn new(session_identifier: &[u8], interactive_proof: P) -> Self {
         let hash_state = C::new(
-            interactive_proof.protocol_identifier().as_ref(),
+            &interactive_proof.protocol_identifier(),
             session_identifier,
             interactive_proof.instance_label().as_ref(),
         );

diff --git a/src/lib.rs b/src/lib.rs
@@ -72,17 +72,17 @@ extern crate alloc;
 pub mod codec;
 pub mod composition;
 pub mod errors;
+pub mod group;
 pub mod linear_relation;
 pub mod traits;
 
 pub(crate) mod duplex_sponge;
 pub(crate) mod fiat_shamir;
-pub(crate) mod group;
 pub(crate) mod schnorr_protocol;
 
-#[cfg(test)]
-pub mod tests;
-
+pub use duplex_sponge::{
+    keccak::KeccakDuplexSponge, shake::ShakeDuplexSponge, DuplexSpongeInterface,
+};
 pub use fiat_shamir::Nizk;
 pub use group::msm::VariableMultiScalarMul;
 pub use linear_relation::LinearRelation;

diff --git a/src/schnorr_protocol.rs b/src/schnorr_protocol.rs
@@ -233,8 +233,11 @@ impl<G: PrimeGroup> SigmaProtocol for CanonicalLinearRelation<G> {
         self.label()
     }
 
-    fn protocol_identifier(&self) -> impl AsRef<[u8]> {
-        b"draft-zkproof-fiat-shamir"
+    fn protocol_identifier(&self) -> [u8; 64] {
+        const PROTOCOL_ID: &[u8; 32] = b"ietf sigma proof linear relation";
+        let mut protocol_id = [0; 64];
+        protocol_id[..32].clone_from_slice(PROTOCOL_ID);
+        protocol_id
     }
 }
 

diff --git a/src/tests/mod.rs b/src/tests/mod.rs
diff --git a/src/tests/spec/mod.rs b/src/tests/spec/mod.rs
diff --git a/src/tests/spec/vectors/testSigmaProtocols.json b/src/tests/spec/vectors/testSigmaProtocols.json
diff --git a/src/traits.rs b/src/traits.rs
@@ -98,7 +98,7 @@ pub trait SigmaProtocol {
     /// Deserializes a response from bytes.
     fn deserialize_response(&self, data: &[u8]) -> Result<Self::Response, Error>;
 
-    fn protocol_identifier(&self) -> impl AsRef<[u8]>;
+    fn protocol_identifier(&self) -> [u8; 64];
 
     fn instance_label(&self) -> impl AsRef<[u8]>;
 }