Only the first three words of each Digest is verified in the multiset_equality_digests. This error is mirrored in the Rust-shadowing, so it doesn't show up in the tests. We need to absorb all elements of the Digest list for this to be sound.
Idea: Use one more challenge when calculating the running sum to collapse Digest to an XFieldElement:
$m \rightarrow m̀_0 = m_0 + (\alpha m)_3, m̀_1 = m_1 + (\alpha m)_4, m̀_2 = m_2 $,
and then absorb this new $m̀$ x-field element into the running sum.
This 2nd challenge can simply be the hash of the existing, 1st challenge (which is still needed).
Only the first three words of each
Digestis verified in themultiset_equality_digests. This error is mirrored in the Rust-shadowing, so it doesn't show up in the tests. We need to absorb all elements of theDigestlist for this to be sound.Idea: Use one more challenge when calculating the running sum to collapse
Digestto anXFieldElement: $m \rightarrow m̀_0 = m_0 + (\alpha m)_3, m̀_1 = m_1 + (\alpha m)_4, m̀_2 = m_2 $,and then absorb this new $m̀$ x-field element into the running sum.
This 2nd challenge can simply be the hash of the existing, 1st challenge (which is still needed).