Closed mmagician closed 1 year ago
Why not pass it in the public parameters/commitment/verifying keys?
They impose trait bounds which are not guaranteed on e.g. CRHScheme
:
pub trait PCCommitterKey:
Clone + core::fmt::Debug + CanonicalSerialize + CanonicalDeserialize
You can write a custom impl of those traits for those functions, right? I don't think you need to store CRHScheme
inside PCCommitterKey
, but rather only CRHScheme::Params
, right?
Yes I meant the CRHScheme::Params
.
That sounds like unnecessary boilerplate - is there any drawback to exposing a &self
, aside from the breaking change that it introduces?
It sort of goes against how we construct every other cryptographic primitive, where we pass in parameters explicitly. The other way to do this would be to add the trait bounds to the CRH traits
Besides, I think that if I want to implement CanonicalSerialize
for PCCommitterKey
, I'd need to assume that CRHScheme::Params
has a CanonicalSerialize
trait bound:
#[derive(CanonicalSerialize, CanonicalDeserialize)]
struct LigeroPCVerifierKey<C>
where
C: Config,
<<C as Config>::TwoToOneHash as TwoToOneCRHScheme>::Parameters: CanonicalSerialize + other_stuff,
<<C as Config>::LeafHash as CRHScheme>::Parameters: ...,
or without the derives, if I impl CanonicalSerialize
myself, I'd still need to somehow assume I have a way to serialize the Parameters
.
So you're saying to add CanonicalSerialize
bound etc. to CRHScheme::Parameters
: https://github.com/arkworks-rs/crypto-primitives/blob/4b3bdac16443096b26426673bff409d4e78eec94/src/crh/mod.rs#L32:
pub trait CRHScheme {
type Input: ?Sized;
type Output: Clone
+ Eq
+ core::fmt::Debug
+ Hash
+ Default
+ CanonicalSerialize
+ CanonicalDeserialize;
type Parameters: Clone + CanonicalSerialize + others;
Is that what you mean? I could do that, we don't have that many implementors anyway so shouldn't be too much work overhead.
Yes, I think it makes sense because those are things that need to be serialized and deserialized anyway
Ok thanks @Pratyush! Will do that then
Summary
Problem Definition
LigeroPCS requires the prover & the verifier to do some Merkle tree operations in the non-interactive setting. Specifically, the prover's commitment is a Merkle root, and the verifier should check well-formedness of such a commitment against the provider proofs (MT paths) for a couple of leaf indices.
We are trying to use a Merkle Tree from crypto-primitives inside the
commit
method (and equivalently,Path
in thecheck
method) - which requires the parties to provide a concrete instantiation of aCRHScheme
andTwoToOneCRHScheme
. Currently we can do it like:This looks a bit hacky, because probably the
rng
parameter wasn't meant to be used for constructing structs that are part of the setup.A more natural way to do this would be to have
and then when we need either of the params, we'd call
self.leaf_hash_params
, for example. The problem is of course that neither the interface forcommit
norcheck
exposes a&self
parameter, so there's no way to access parameters from the struct implementingPolynomialCommitment
.Proposal
I propose changing the method signature of the associated
PolynomialCommitment
methods to include a (non-mutable)&self
, e.g.The alternative for this Ligero PC is to have the merkle tree parameters be part of
Self::{Verifier,.Commiter}Key
, but that introduces a great deal of additional constraints (serialization,Sync
etc.) which are cumbersome to enforce onC::LeafHash
etc.@antonio95
For Admin Use