refactor: rely on spongefish for Fiat-Shamir.

Cargo.toml

@@ -39,6 +39,7 @@ zerocopy = { version = "0.8", default-features = false }
 zeroize = { version = "1.8.1", default-features = false, features = ["alloc"] }
 hashbrown = { version = "0.15", default-features = false }
 ahash = { version = "0.8", default-features = false }
+spongefish = { path="/Users/maker/Code/spongefish/spongefish" }
 
 [dev-dependencies]
 bls12_381 = "0.8.0"
@@ -53,6 +54,11 @@ p256 = { version = "0.13", features = ["arithmetic"] }
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.140"
 sha2 = "0.10"
+spongefish = { path="/Users/maker/Code/spongefish/spongefish", features = ["curve25519-dalek"] }
+
+[[example]]
+name = "schnorr"
+required-features = ["spongefish/curve25519-dalek"]
 
 [[bench]]
 name = "msm"
@@ -61,4 +67,3 @@ harness = false
 [profile.dev]
 # Makes tests run much faster at the cost of slightly longer builds and worse debug info.
 opt-level = 1
-

examples/simple_composition.rs

@@ -5,10 +5,9 @@ use curve25519_dalek::scalar::Scalar;
 use group::Group;
 use rand::rngs::OsRng;
 use sigma_proofs::{
-    codec::Shake128DuplexSponge,
     composition::{ComposedRelation, ComposedWitness},
     errors::Error,
-    LinearRelation, Nizk,
+    LinearRelation,
 };
 
 type G = RistrettoPoint;
@@ -56,7 +55,7 @@ fn prove(P1: G, x2: Scalar, H: G) -> ProofResult<Vec<u8>> {
         ComposedWitness::Simple(vec![Scalar::from(0u64)]),
         ComposedWitness::Simple(vec![x2]),
     ]);
-    let nizk = Nizk::<_, Shake128DuplexSponge<G>>::new(b"or_proof_example", instance);
+    let nizk = instance.into_nizk(b"or_proof_example");
 
     nizk.prove_batchable(&witness, &mut OsRng)
 }
@@ -65,7 +64,7 @@ fn prove(P1: G, x2: Scalar, H: G) -> ProofResult<Vec<u8>> {
 #[allow(non_snake_case)]
 fn verify(P1: G, P2: G, Q: G, H: G, proof: &[u8]) -> ProofResult<()> {
     let protocol = create_relation(P1, P2, Q, H);
-    let nizk = Nizk::<_, Shake128DuplexSponge<G>>::new(b"or_proof_example", protocol);
+    let nizk = protocol.into_nizk(b"or_proof_example");
 
     nizk.verify_batchable(proof)
 }

src/codec.rs

@@ -25,9 +25,6 @@ pub trait Codec {
     /// Generates an empty codec that can be identified by a domain separator.
     fn new(protocol_identifier: &[u8], session_identifier: &[u8], instance_label: &[u8]) -> Self;
 
-    /// Allows for precomputed initialization of the codec with a specific IV.
-    fn from_iv(iv: [u8; 64]) -> Self;
-
     /// Absorbs data into the codec.
     fn prover_message(&mut self, data: &[u8]);
 
@@ -86,16 +83,8 @@ where
 {
     type Challenge = G::Scalar;
 
-    fn new(protocol_id: &[u8], session_id: &[u8], instance_label: &[u8]) -> Self {
-        let iv = compute_iv::<H>(protocol_id, session_id, instance_label);
-        Self::from_iv(iv)
-    }
-
-    fn from_iv(iv: [u8; 64]) -> Self {
-        Self {
-            hasher: H::new(iv),
-            _marker: core::marker::PhantomData,
-        }
+    fn new(_protocol_id: &[u8], _session_id: &[u8], _instance_label: &[u8]) -> Self {
+        todo!()
     }
 
     fn prover_message(&mut self, data: &[u8]) {

src/composition.rs

@@ -18,13 +18,16 @@
 //! )
 //! ```
 
+use std::io::Read;
+
 use alloc::vec::Vec;
 use ff::{Field, PrimeField};
 use group::prime::PrimeGroup;
 #[cfg(feature = "std")]
 use rand::{CryptoRng, Rng};
 #[cfg(not(feature = "std"))]
 use rand_core::{CryptoRng, RngCore as Rng};
+use sha3::digest::ExtendableOutput;
 use sha3::{Digest, Sha3_256};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 
@@ -477,7 +480,7 @@ impl<G: PrimeGroup + ConstantTimeEq + ConditionallySelectable> SigmaProtocol
 
     fn verifier(
         &self,
-        commitment: &Self::Commitment,
+        commitment: &[Self::Commitment],
         challenge: &Self::Challenge,
         response: &Self::Response,
     ) -> Result<(), Error> {
@@ -556,8 +559,8 @@ impl<G: PrimeGroup + ConstantTimeEq + ConditionallySelectable> SigmaProtocol
         }
     }
 
-    fn protocol_identifier(&self) -> impl AsRef<[u8]> {
-        let mut hasher = Sha3_256::new();
+    fn protocol_identifier(&self) -> [u8; 64] {
+        let mut hasher = sha3::TurboShake128::default();
 
         match self {
             ComposedRelation::Simple(p) => {
@@ -566,22 +569,20 @@ impl<G: PrimeGroup + ConstantTimeEq + ConditionallySelectable> SigmaProtocol
                 hasher.update(p.protocol_identifier());
             }
             ComposedRelation::And(protocols) => {
-                let mut hasher = Sha3_256::new();
                 hasher.update([1u8; 32]);
                 for p in protocols {
                     hasher.update(p.protocol_identifier());
                 }
             }
             ComposedRelation::Or(protocols) => {
-                let mut hasher = Sha3_256::new();
                 hasher.update([2u8; 32]);
                 for p in protocols {
                     hasher.update(p.protocol_identifier());
                 }
             }
         }
 
-        hasher.finalize()
+        hasher.finalize_xof().take(64).try_into().unwrap()
     }
 
     fn serialize_response(&self, response: &Self::Response) -> Vec<u8> {

src/errors.rs

@@ -60,6 +60,12 @@ pub enum Error {
     },
 }
 
+impl From<spongefish::VerificationError> for Error {
+    fn from(_value: spongefish::VerificationError) -> Self {
+        Error::VerificationFailure
+    }
+}
+
 // Manual Display implementation for no_std compatibility
 #[cfg(not(feature = "std"))]
 impl fmt::Display for InvalidInstance {