Background and Motivation

Currently, the Proof of SQL prover uses the merlin crate to provide its public-coin transcript, created here: https://github.com/spaceandtimelabs/sxt-proof-of-sql/blob/29d334d5cd6e31cf66a0353f21613932df63c059/crates/proof-of-sql/src/sql/proof/query_proof.rs#L62. However, merlin does not support no_std (see #117 and https://github.com/zkcrypto/merlin/pull/8) and is not conducive to use within the EVM/Solidity.

https://github.com/spaceandtimelabs/sxt-proof-of-sql/pull/123 and https://github.com/spaceandtimelabs/sxt-proof-of-sql/pull/159 add a new Transcript trait that allows for using different transcripts. (Such as the simple Keccak256Transcript.)

If we replace all uses of merlin::Transcript with impl Transcript, we enable the ability to use any transcript implementation that is desired.

Requested Changes

We need to replace all usage of merlin::Transcript with impl Transcript. Tests can still leverage merlin::Transcript because they need a concrete implementation, but all other code should be written generically.
extend_serialize_as_le can replace append_auto
extend_canonical_serialize_as_le can replace append_canonical_serialize
scalar_challenge_as_be can replace challenge_scalar_single (and challenge_scalars)
other methods can be better replacements as relevant

[ ] CommitmentEvaluationProof::new, CommitmentEvaluationProof::verify_proof, CommitmentEvaluationProof::verify_batched_proof should accept impl crate::base::proof::Transcript instead of merlin::Transcript.
[ ] All implementers of CommitmentEvaluationProof will need to be updated to implement the changes properly.
    InnerProductProof - this will still internally need to use merlin::Transcript. This is handled via wrap_transcript.
    DoryEvaluationProof - the usages of the transcript bubble down to DoryMessages.
[ ] Either QueryProof::new and QueryProof::verify can be made generic w.r.t. Transcript, or QueryProof itself can be made generic w.r.t. Transcript. It is unclear which is a better design choice. Both solutions will require replacing the old transcript usage with the new within those functions.
[ ] Tests will likely need to be refactored, but should just use merlin::Transcript as the concrete type. In the future, we may wish to migrate tests to use Keccak256Transcript instead. This can be a separate issue.
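
The shape of the requested refactor, as an added example that is not code from sxt-proof-of-sql: a proof step written against a transcript trait rather than a concrete type, and a check that prover and verifier only agree on the challenge when both use the same transcript implementation. MiniTranscript, ToyTranscript, prove_step and verify_step are hypothetical stand-ins for the crate's Transcript trait and proof functions, and the std hasher used here is not cryptographic.

```rust
// Added example; every name below is hypothetical and the hash is NOT cryptographic.
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

/// Hypothetical, reduced stand-in for the crate's `Transcript` trait.
pub trait MiniTranscript {
    fn new() -> Self;
    fn extend_as_le(&mut self, words: &[u64]);
    fn challenge(&mut self) -> u64;
}

/// Toy transcript; TAG models two distinct implementations (e.g. merlin vs. Keccak256).
pub struct ToyTranscript<const TAG: u64>(u64);

impl<const TAG: u64> MiniTranscript for ToyTranscript<TAG> {
    fn new() -> Self { Self(TAG) }
    fn extend_as_le(&mut self, words: &[u64]) {
        let mut h = DefaultHasher::new();
        h.write(&self.0.to_le_bytes());
        for w in words { h.write(&w.to_le_bytes()); }
        self.0 = h.finish();
    }
    fn challenge(&mut self) -> u64 {
        // Squeezing also updates the state, so consecutive challenges differ.
        self.extend_as_le(&[u64::MAX]);
        self.0
    }
}

/// After the refactor: the proof step names no concrete transcript type.
pub fn prove_step(transcript: &mut impl MiniTranscript, commitment: &[u64]) -> u64 {
    transcript.extend_as_le(commitment);
    transcript.challenge()
}

/// The verifier replays the same messages with its own transcript of type T.
pub fn verify_step<T: MiniTranscript>(commitment: &[u64], claimed: u64) -> bool {
    let mut t = T::new();
    prove_step(&mut t, commitment) == claimed
}

fn main() {
    type A = ToyTranscript<1>;
    let commitment = [7u64, 11, 13]; // constructed sample data
    let c = prove_step(&mut A::new(), &commitment);
    println!("same impl verifies:  {}", verify_step::<A>(&commitment, c));
    println!("other impl verifies: {}", verify_step::<ToyTranscript<2>>(&commitment, c));
}
```

Making the code generic does not make transcripts interchangeable at run time: a proof produced with one implementation only verifies against the same implementation fed the same messages in the same order.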