spongefish 0.6.0

An implementation of the Fiat--Shamir transformation from Duplex Sponges.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

//! Plonky3's BabyBear field codec implementation
use p3_baby_bear::BabyBear;
use p3_field::PrimeField32;

use crate::{
    codecs::{Decoding, Encoding},
    io::NargDeserialize,
    VerificationError, VerificationResult,
};

// xxx. implement Permutation for CryptographicPermutation.

const BABYBEAR_ZERO: BabyBear = unsafe { core::mem::transmute(0u32) };

// Make BabyBear a valid Unit type
impl crate::Unit for BabyBear {
    const ZERO: Self = BABYBEAR_ZERO;
}

// Implement Decoding for BabyBear
//
// Sampling 32 bits and reducing them modulo BABYBEAR::ORDER_U32
// would give us 31.2064 bits of indistinguishability, which feels weak.
// Sampling 33 bits and reducing them modulo BABYBEAR::ORDER_U32
// would give us 32.4474 bits of indistinguishability, which is sufficient but weird to use
// via built-in integer types.
//
// We are opting for sampling a u64 and then reducing it modulo BABYBEAR::ORDER_U32
// which gives us 64.2592 bits of indistinguishability.
//
// The above numbers were obtained in Python via:
// ```
// f = lambda a, b: math.log2(2. * (a - (b % a)) / a / b)
// f(2013265921, 1<<32), f(2013265921, 1<<33), f(2013265921, 1<<64)
// ```
impl Decoding<[u8]> for BabyBear {
    type Repr = [u8; 8];

    fn decode(buf: Self::Repr) -> Self {
        let n = u64::from_le_bytes(buf);
        Self::new((n % u64::from(Self::ORDER_U32)) as u32)
    }
}

// Implement Deserialize for BabyBear
impl NargDeserialize for BabyBear {
    fn deserialize_from_narg(buf: &mut &[u8]) -> VerificationResult<Self> {
        if buf.len() < 4 {
            return Err(VerificationError);
        }

        let mut repr = [0u8; 4];
        repr.copy_from_slice(&buf[..4]);
        let value = u32::from_be_bytes(repr);

        // Check that the value is in the valid range
        if value >= Self::ORDER_U32 {
            return Err(VerificationError);
        }
        *buf = &buf[4..];
        Ok(Self::new(value))
    }
}

// Implement Encoding for BabyBear
impl Encoding<[u8]> for BabyBear {
    fn encode(&self) -> impl AsRef<[u8]> {
        self.as_canonical_u32().to_be_bytes()
    }
}