Add keccak transcript

Cargo.toml

@@ -11,6 +11,8 @@ ark-std = "^0.4.0"
 ark-crypto-primitives = { version = "^0.4.0", default-features = false, features = ["r1cs", "sponge"] }
 ark-relations = { version = "^0.4.0", default-features = false }
 ark-r1cs-std = { version = "^0.4.0", default-features = false }
+tiny-keccak = { version = "2.0", features = ["keccak"] }
+sha3 = "0.10.8"
 thiserror = "1.0"
 rayon = "1.7.0"
 

src/pedersen.rs

@@ -93,22 +93,20 @@ impl<C: CurveGroup> Pedersen<C> {
 mod tests {
     use super::*;
     use crate::transcript::poseidon::{tests::poseidon_test_config, PoseidonTranscript};
+    use crate::transcript::keccak::{tests::keccak_test_config, KeccakTranscript};
+    use crate::transcript::sha3::{tests::sha3_test_config, SHA3Transcript};
+    use crate::transcript::Transcript;
 
     use ark_pallas::{Fr, Projective};
 
-    #[test]
-    fn test_pedersen_vector() {
+    fn test_pedersen_vector_with<T: Transcript<Projective>>(config: T::TranscriptConfig) {
+        let mut transcript_p: T = Transcript::<Projective>::new(&config);
+        let mut transcript_v: T = Transcript::<Projective>::new(&config);
         let mut rng = ark_std::test_rng();
 
         const n: usize = 10;
         // setup params
         let params = Pedersen::<Projective>::new_params(&mut rng, n);
-        let poseidon_config = poseidon_test_config::<Fr>();
-
-        // init Prover's transcript
-        let mut transcript_p = PoseidonTranscript::<Projective>::new(&poseidon_config);
-        // init Verifier's transcript
-        let mut transcript_v = PoseidonTranscript::<Projective>::new(&poseidon_config);
 
         let v: Vec<Fr> = vec![Fr::rand(&mut rng); n];
         let r: Fr = Fr::rand(&mut rng);
@@ -117,4 +115,14 @@ mod tests {
         let v = Pedersen::<Projective>::verify(&params, &mut transcript_v, cm, proof);
         assert!(v);
     }
+
+    #[test]
+    fn test_pedersen_vector() {
+        // Test for Poseidon
+        test_pedersen_vector_with::<PoseidonTranscript<Projective>>(poseidon_test_config::<Fr>());
+        // Test for Keccak
+        test_pedersen_vector_with::<KeccakTranscript<Projective>>(keccak_test_config::<Fr>());
+        // Test for SHA3
+        test_pedersen_vector_with::<SHA3Transcript<Projective>>(sha3_test_config::<Fr>());
+    }
 }

src/transcript/keccak.rs

@@ -0,0 +1,92 @@
+use std::marker::PhantomData;
+use tiny_keccak::{Keccak, Hasher};
+use ark_ec::CurveGroup;
+use ark_ff::{BigInteger, PrimeField};
+
+use crate::transcript::Transcript;
+
+/// KecccakTranscript implements the Transcript trait using the Keccak hash
+pub struct KeccakTranscript<C: CurveGroup> {
+    sponge: Keccak,
+    phantom: PhantomData<C>,
+}
+
+#[derive(Debug)]
+pub struct KeccakConfig {}
+
+impl<C: CurveGroup> Transcript<C> for KeccakTranscript<C> {
+    type TranscriptConfig = KeccakConfig;
+    fn new(config: &Self::TranscriptConfig) -> Self {
+        let _ = config;
+        let sponge = Keccak::v256();
+        Self {
+            sponge,
+            phantom: PhantomData,
+        }
+    }
+
+    fn absorb(&mut self, v: &C::ScalarField) {
+        self.sponge.update(&(v.into_bigint().to_bytes_le()));
+    }
+    fn absorb_vec(&mut self, v: &[C::ScalarField]) {
+        for _v in v {
+            self.sponge.update(&(_v.into_bigint().to_bytes_le()));
+        }
+    }
+    fn absorb_point(&mut self, p: &C) {
+        let mut serialized = vec![];
+        p.serialize_compressed(&mut serialized).unwrap();
+        self.sponge.update(&(serialized))
+    }
+    fn get_challenge(&mut self) -> C::ScalarField {
+        let mut output = [0u8; 32];
+        self.sponge.clone().finalize(&mut output);
+        self.sponge.update(&[output[0]]);
+        C::ScalarField::from_le_bytes_mod_order(&[output[0]])
+    }
+    fn get_challenge_nbits(&mut self, nbits: usize) -> Vec<bool> {
+        // TODO
+        vec![]
+    }
+    fn get_challenges(&mut self, n: usize) -> Vec<C::ScalarField> {
+        let mut output = [0u8; 32];
+        self.sponge.clone().finalize(&mut output);
+        self.sponge.update(&[output[0]]);
+
+        let c: Vec<C::ScalarField> = output
+            .iter()
+            .map(|c| C::ScalarField::from_le_bytes_mod_order(&[*c]))
+            .collect();
+        c[..n].to_vec()
+    }
+}
+
+#[cfg(test)]
+pub mod tests {
+    use super::*;
+    use ark_pallas::{
+        // constraints::GVar,
+        Fr, Projective
+    };
+    use ark_std::UniformRand;
+
+    /// WARNING the method poseidon_test_config is for tests only
+    #[cfg(test)]
+    pub fn keccak_test_config<F: PrimeField>() -> KeccakConfig {
+        KeccakConfig {}
+    }
+
+    #[test]
+    fn test_transcript_get_challenge() {
+        let mut rng = ark_std::test_rng();
+
+        const n: usize = 10;
+        let config = keccak_test_config::<Fr>();
+
+        // init transcript
+        let mut transcript = KeccakTranscript::<Projective>::new(&config);
+        let v: Vec<Fr> = vec![Fr::rand(&mut rng); n];
+        let challenges = transcript.get_challenges(v.len());
+        assert_eq!(challenges.len(), n);
+    }
+}

src/transcript/mod.rs

@@ -2,6 +2,8 @@ use ark_ec::CurveGroup;
 use ark_std::fmt::Debug;
 
 pub mod poseidon;
+pub mod keccak;
+pub mod sha3;
 
 pub trait Transcript<C: CurveGroup> {
     type TranscriptConfig: Debug;

src/transcript/sha3.rs

@@ -0,0 +1,91 @@
+use std::marker::PhantomData;
+use sha3::{Shake256, digest::*};
+use ark_ec::CurveGroup;
+use ark_ff::{BigInteger, PrimeField};
+
+use crate::transcript::Transcript;
+
+/// SHA3Transcript implements the Transcript trait using the Keccak hash
+pub struct SHA3Transcript<C: CurveGroup> {
+    sponge: Shake256,
+    phantom: PhantomData<C>,
+}
+
+#[derive(Debug)]
+pub struct SHA3Config {}
+
+impl<C: CurveGroup> Transcript<C> for SHA3Transcript<C> {
+    type TranscriptConfig = SHA3Config;
+    fn new(config: &Self::TranscriptConfig) -> Self {
+        let _ = config;
+        let sponge = Shake256::default();
+        Self {
+            sponge,
+            phantom: PhantomData,
+        }
+    }
+
+    fn absorb(&mut self, v: &C::ScalarField) {
+        self.sponge.update(&(v.into_bigint().to_bytes_le()));
+    }
+    fn absorb_vec(&mut self, v: &[C::ScalarField]) {
+        for _v in v {
+            self.sponge.update(&(_v.into_bigint().to_bytes_le()));
+        }
+    }
+    fn absorb_point(&mut self, p: &C) {
+        let mut serialized = vec![];
+        p.serialize_compressed(&mut serialized).unwrap();
+        self.sponge.update(&(serialized))
+    }
+    fn get_challenge(&mut self) -> C::ScalarField {
+        let output = self.sponge.clone().finalize_boxed(200);
+        self.sponge.update(&[output[0]]);
+        C::ScalarField::from_le_bytes_mod_order(&[output[0]])
+    }
+    fn get_challenge_nbits(&mut self, nbits: usize) -> Vec<bool> {
+        // TODO
+        // should call finalize() then slice the output to n bit challenge
+        vec![]
+    }
+    fn get_challenges(&mut self, n: usize) -> Vec<C::ScalarField> {
+        let output = self.sponge.clone().finalize_boxed(n);
+        self.sponge.update(&[output[0]]);
+
+        let c = output
+            .iter()
+            .map(|c| C::ScalarField::from_le_bytes_mod_order(&[*c]))
+            .collect();
+        c
+    }
+}
+
+#[cfg(test)]
+pub mod tests {
+    use super::*;
+    use ark_pallas::{
+        // constraints::GVar,
+        Fr, Projective
+    };
+    use ark_std::UniformRand;
+
+    /// WARNING the method poseidon_test_config is for tests only
+    #[cfg(test)]
+    pub fn sha3_test_config<F: PrimeField>() -> SHA3Config {
+        SHA3Config {}
+    }
+
+    #[test]
+    fn test_transcript_get_challenge() {
+        let mut rng = ark_std::test_rng();
+
+        const n: usize = 10;
+        let config = sha3_test_config::<Fr>();
+
+        // init transcript
+        let mut transcript = SHA3Transcript::<Projective>::new(&config);
+        let v: Vec<Fr> = vec![Fr::rand(&mut rng); n];
+        let challenges = transcript.get_challenges(v.len());
+        assert_eq!(challenges.len(), n);
+    }
+}