JayWhite2357
commented
1 week ago @jvff Here is the issue that we discussed. This should complete the work to support wasm32-unknown-unknown without JS.
Open JayWhite2357 opened 1 week ago
JayWhite2357
commented
1 week ago @jvff Here is the issue that we discussed. This should complete the work to support wasm32-unknown-unknown without JS.
Background and Motivation
Currently, the Proof of SQL prover uses the
merlincrate to provide it's public-coin transcript, created here: https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/29d334d5cd6e31cf66a0353f21613932df63c059/crates/proof-of-sql/src/sql/proof/query_proof.rs#L62. However,merlindoes not supportno_std(see #117 and https://github.com/zkcrypto/merlin/pull/8) and is not conducive to use within the EVM/Solidity.https://github.com/spaceandtimelabs/sxt-proof-of-sql/pull/123 and https://github.com/spaceandtimelabs/sxt-proof-of-sql/pull/159 add a new
Transcripttrait that allows for using different transcripts. (Such as the simpleKeccak256Transcript.)If we replace all uses of
merlin::Transcriptwithimpl Transcript, we enable the ability to use any transcript implementation that is desired.Requested Changes
We need to replace all usage of
merlin::Transcriptwithimpl Transcript. Tests can still leveragemerlin::Transcriptbecause they need a concrete implementation, but all other code should be written generically.extend_serialize_as_lecan replaceappend_autoextend_canonical_serialize_as_lecan replaceappend_canonical_serializescalar_challenge_as_becan replacechallenge_scalar_single( andchallenge_scalars)other methods can be better replacements as relevant
[ ]
CommitmentEvaluationProof::new,CommitmentEvaluationProof::verify_proof,CommitmentEvaluationProof::verify_batched_proofshould acceptimpl crate::base::proof::Transcriptinstead ofmerlin::Transcript.[ ] All implementers of
CommitmentEvaluationProofwill need to be updated to implement the changes properly.InnerProductProof- this will still internally need to usemerlin::Transcript. This is handled viawrap_transcript.DoryEvaluationProof- the usages of the transcript bubble down toDoryMessages.[ ] Either
QueryProof::newandQueryProof::verifycan be made generic w.r.t.Transcript, orQueryProofitself can be made generic w.r.t.Transcript. It is unclear which is a better design choice. Both solutions will require replacing the old transcript usage with the new within those functions.[ ] Tests will likely need to be refactored, but should just used
merlin::Transcriptas the concrete type. In the future, we may wish to migrate tests to useKeccak256Transcriptinstead. This can be a separate issue.