Closed drewstone closed 3 years ago
ChaChaRng with a random seed may work
The issue is the seed's source. It should be a block hash or all the transactions or something, so that Fiat-Shamir applies. I think even then one should double check that everything makes sense. One could even send a PR here for a "derandomized verifier" so people can speak about it concretely.
Linking this thread for background.
Hello,
We've been working on mixers in Substrate using this library and have gotten things to work for some time until live-testnet deployment, where our Substrate WASM runtime has begun complaining about `getrandom` incompatibilities. Judging by the comments in that thread, it seems we need to find other routes of verifying bulletproof proofs inside of a `no_std` or WASM runtime. I'm curious to learn more about why the verifier needs an `rng`/`prng` to do verification. Should Fiat-Shamir (assuming that's why it's used) really need fresh random values from a `prng`? Any recommendation as far as a `prng` implementation that uses a random seed to instantiate itself and that also compiles to WASM? This would allow me to use other on-chain randomness to achieve this goal instead of an `OsRng`, which has been working locally for quite some time.
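The approach suggested earlier in the thread (seed the verifier's PRNG from public, consensus-visible data such as a block hash or the transactions, never from OS entropy) is sketched below as an added illustration; it is not code from this issue, the bulletproofs crate, or Substrate. The seed derivation and the SHA-256 counter-mode stream are assumptions standing in for `ChaChaRng::from_seed`, the group order is the curve25519 scalar field order, and the block hash and proof bytes are constructed sample values.

```python
import hashlib

# Order of the Ristretto255 / Ed25519 prime-order group, i.e. the scalar field
# bulletproofs over curve25519 work in (2^252 + 27742317777372353535851937790883648493).
GROUP_ORDER = (1 << 252) + 27742317777372353535851937790883648493


def derive_verifier_seed(block_hash: bytes, proof_bytes: bytes) -> bytes:
    """Derive a 32-byte seed from public data only (assumed derivation, not the crate's).

    Length-prefixed and domain-separated so the same bytes hashed elsewhere
    cannot collide with this seed.
    """
    h = hashlib.sha256()
    h.update(b"bulletproof-verifier-seed/v1")
    h.update(len(block_hash).to_bytes(4, "little"))
    h.update(block_hash)
    h.update(len(proof_bytes).to_bytes(4, "little"))
    h.update(proof_bytes)
    return h.digest()


class SeededScalarRng:
    """Counter-mode SHA-256 stream from a fixed 32-byte seed.

    Stands in for rand_chacha::ChaChaRng::from_seed(seed): no OS entropy is
    touched, so every node that sees the same public inputs gets the same
    stream, and the verifier runs unchanged in a no_std / WASM runtime.
    """

    def __init__(self, seed: bytes):
        if len(seed) != 32:
            raise ValueError("seed must be exactly 32 bytes")
        self._seed = seed
        self._counter = 0

    def next_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self._seed + self._counter.to_bytes(8, "little")
            out += hashlib.sha256(block).digest()
            self._counter += 1
        return out[:n]

    def next_scalar(self) -> int:
        # Reduce 64 bytes mod the ~253-bit order: the bias is negligible.
        return int.from_bytes(self.next_bytes(64), "little") % GROUP_ORDER


def batch_weights(block_hash: bytes, proof_bytes: bytes, n_proofs: int) -> list:
    """Random weights for batch verification, derived deterministically from public data."""
    rng = SeededScalarRng(derive_verifier_seed(block_hash, proof_bytes))
    return [rng.next_scalar() for _ in range(n_proofs)]


# Constructed sample inputs (not real chain data).
SAMPLE_BLOCK_HASH = hashlib.sha256(b"constructed block header").digest()
SAMPLE_PROOF = b"\x01" * 64


def two_nodes_agree() -> bool:
    """Two independent verifiers with the same public inputs draw identical weights."""
    a = batch_weights(SAMPLE_BLOCK_HASH, SAMPLE_PROOF, 4)
    b = batch_weights(SAMPLE_BLOCK_HASH, SAMPLE_PROOF, 4)
    return a == b


if __name__ == "__main__":
    print("nodes agree:", two_nodes_agree())
```

The point of the seed derivation is that every validator must draw the same verifier randomness from the same public inputs, otherwise batch verification of the same block could succeed on one node and fail on another; the caveat from the thread still stands, in that deriving the seed from data the prover controls needs a second look before relying on it.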