Open cedoor opened 3 months ago
Hey @arnaucube, may I know if you're still maintaining babyjubjub-rs and poseidon-rs?
Might you be interested in including them in the ZK-Kit package set? You would remain the author ofc.
For context. ZK-Kit is a collective effort of PSE devs that aims to provide a set of reusable libraries in a context where standards on code quality, documentation, test coverage, and audits are guaranteed.
Hi, sure, they are both compatible with circomlib's version (also with circomlibjs's version). And if useful, there are also compatible implementations of both Poseidon and BabyJubJub's EdDSA in Go in the https://github.com/iden3/go-iden3-crypto repo.
If useful, there is also another merkletree implementation in Go that is compatible with circomlib's sparsemerkletree version, with the main feature (apart from full compatibility) that it parallelizes across CPUs so it goes faster than the js one (e.g. 2m09s vs 0.436s adding 10k leaves): https://github.com/vocdoni/arbo .
Regarding being maintained, the mentioned repos are not actively being developed since they reached the desired features, but if there are future fixes to potential bugs they will be taken care of.
Another way might be just using arkworks backend as in here https://github.com/kilic/arkeddsa/ both for poseidon and jubjub
@kilic interesting. Is Poseidon compatible with the Iden3 version?
Not as it is in kilic/arkeddsa but so close
oh right! Agree with @kilic ^^, if you can do it with arkworks it would be much better than depending on the initially mentioned libs, fewer dependencies to maintain, and more compatible with other projects (in the arkworks ecosystem).
Thank you guys 🙏🏽 I'll leave this issue open for anyone who wants to implement it and follow your suggestions.
@cedoor I would like to take this up
@1010adigupta Sure, I'll assign this issue to you then :)
@1010adigupta Are you still working on this? (If not we may assign it to someone else)
yes, you may assign it to someone else, got busy with some other stuff
@cedoor @sripwoud Can I get this issue?
Hey @ozgurarmanc, ofc 👍🏽
I can take a crack at picking this one up if you'd like...
@Some-of-the-things ofc, I'll assign it to you 👍🏽
I had a look at it last week, and here are my two cents:
> @kilic interesting. Is Poseidon compatible with the Iden3 version?

> Not as it is in kilic/arkeddsa but so close
1. We should give the matching config params.
2. Circom takes the 0th element of the state as output and arkworks skips the 0th element. However, in arkworks the [sponge state](https://github.com/arkworks-rs/crypto-primitives/blob/6b195553444650fb37663ee1919c9fd885f5dbd9/crypto-primitives/src/sponge/poseidon/mod.rs#L54) is public, so the 0th element is accessible and then it becomes circom compatible, as it is done [here](https://github.com/privacy-scaling-explorations/sonobe/blob/edadcdd520b8cf657cfa5c679dd09c6579759b0c/folding-schemes/src/transcript/poseidon.rs#L136).
Actually the main compatibility problem with kilic/arkeddsa is not the poseidon hash, rather the blake digest circom uses for the signatures. blake-hash, which is also used in babyjubjub-rs, depends on digest v0.9 while arkeddsa expects v0.10. The traits change quite a bit between these two versions.
I went on and tried to update the blake-hash dependencies here, but I did not manage to test this yet. Using babyjubjub-rs for the time being could be an easy win.
Describe the package you'd like
ZK-Kit already provides a package to generate EdDSA keys that uses Poseidon hashes and is based on the BabyJubjub elliptic curve. The Rust crate should be compatible with the JS version.
Possible dependencies:
It is worth checking whether an implementation in Rust already exists.