Struct MultiField32Challenger 

pub struct MultiField32Challenger<F, PF, P, const WIDTH: usize, const RATE: usize>
where
    F: PrimeField32,
    PF: PrimeField,
    P: CryptographicPermutation<[PF; WIDTH]>,
{ /* private fields */ }

A challenger that samples in F: PrimeField32 while the transcript sponge lives in PF.

Wraps DuplexChallenger<PF>: all permutations and PF rate state are exactly those of inner. This type only adapts

• F → PF: pending scalars are packed with reduce_packed (radix $2^{\texttt{absorb_radix_bits::()}}$) into up to RATE PF rate slots, then DuplexChallenger::absorb_rate_padded_with_tag runs (zero-padded tail, length tag = number of Fs absorbed).
• PF → F: after each duplex, each rate cell is split with split_pf_to_field_order_limbs (base |F|, squeeze_field_order_num_limbs limbs per cell) into a flat queue consumed by CanSample::sample. Each extracted limb is uniform over the entire F domain (bias < 1/|F|). The inner output_buffer is then cleared so the next empty batch triggers a new duplex like DuplexChallenger::sample.

observe(Hash) / observe(MerkleCap) flush pending Fs through that packed absorb, then absorb digest words natively via the same absorb_rate_padded_with_tag (length tag = number of PF words in the block)—no PF → F → repack detour.

Implementations

impl<F, PF, P, const WIDTH: usize, const RATE: usize> MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

pub const fn absorb_radix_bits(&self) -> u32

Radix bit-width $b$ for packing observed F values via reduce_packed: the smallest b with F::ORDER_U32 - 1 < 2^b (see p3_field::absorb_radix_bits).

pub fn absorb_num_f_elms(&self) -> usize

Maximum number of F elements packed into a single PF rate slot injectively (see p3_field::max_absorb_injective_limbs). Pending scalars are absorbed in chunks of this size; at most RATE such packed words are written per duplex step.

pub fn squeeze_num_f_elms(&self) -> usize

Number of base-|F| limbs taken from each squeezed PF rate cell when refilling the F queue (see p3_field::squeeze_field_order_num_limbs and p3_field::split_pf_to_field_order_limbs). Chooses near-uniform limbs over F for uniform PF.

pub const fn pending_f_squeeze_len(&self) -> usize

Number of F challenges still queued from the current squeeze batch (after sample pops).

pub fn new(permutation: P) -> Result<Self, String>

Trait Implementations

impl<F, PF, P, const WIDTH: usize, const RATE: usize> CanFinalizeDigest for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

type Digest = [PF; RATE]

The type of digest produced by finalization.

fn finalize(self) -> [PF; RATE]

Finalize the transcript and produce a binding digest.

impl<F, PF, const N: usize, P, const WIDTH: usize, const RATE: usize> CanObserve<&MerkleCap<F, [PF; N]>> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, cap: &MerkleCap<F, [PF; N]>)

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, PF, const N: usize, P, const WIDTH: usize, const RATE: usize> CanObserve<[F; N]> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, values: [F; N])

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> CanObserve<F> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, value: F)

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, PF, const N: usize, P, const WIDTH: usize, const RATE: usize> CanObserve<Hash<F, PF, N>> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, values: Hash<F, PF, N>)

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, PF, const N: usize, P, const WIDTH: usize, const RATE: usize> CanObserve<MerkleCap<F, [PF; N]>> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, cap: MerkleCap<F, [PF; N]>)

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> CanObserve<Vec<Vec<F>>> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe(&mut self, valuess: Vec<Vec<F>>)

Absorb a single value into the transcript.

fn observe_slice(&mut self, values: &[T])

where T: Clone,

Absorb a slice of values into the transcript.

impl<F, EF, PF, P, const WIDTH: usize, const RATE: usize> CanSample<EF> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, EF: BasedVectorSpace<F>, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn sample(&mut self) -> EF

Sample a single challenge value from the transcript.

fn sample_array<const N: usize>(&mut self) -> [T; N]

Sample an array of N challenge values from the transcript.

fn sample_vec(&mut self, n: usize) -> Vec<T>

Sample a Vec of n challenge values from the transcript.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> CanSampleBits<usize> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn sample_bits(&mut self, bits: usize) -> usize

The sampled bits are not perfectly uniform, but we can bound the error: every sequence appears with probability 1/p-close to uniform (1/2^b).

Proof: We denote p = F::ORDER_U32, and b = bits. If X follows a uniform distribution over F, if we consider the first b bits of X, each sequence appears either with probability P1 = ⌊p / 2^b⌋ / p or P2 = (1 + ⌊p / 2^b⌋) / p. We have 1/2^b - 1/p ≤ P1, P2 ≤ 1/2^b + 1/p

impl<F, PF, P, const WIDTH: usize, const RATE: usize> Clone for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32 + Clone, PF: PrimeField + Clone, P: CryptographicPermutation<[PF; WIDTH]> + Clone,

fn clone(&self) -> MultiField32Challenger<F, PF, P, WIDTH, RATE>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> Debug for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32 + Debug, PF: PrimeField + Debug, P: CryptographicPermutation<[PF; WIDTH]> + Debug,

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> FieldChallenger<F> for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

fn observe_algebra_element<A: BasedVectorSpace<F>>(&mut self, alg_elem: A)

Absorb an element from a vector space over the base field.

fn observe_algebra_slice<A: BasedVectorSpace<F> + Clone>( &mut self, alg_elems: &[A], )

Absorb a slice of elements from a vector space over the base field.

fn sample_algebra_element<A: BasedVectorSpace<F>>(&mut self) -> A

Sample an element of a vector space over the base field.

fn observe_base_as_algebra_element<EF>(&mut self, val: F)

where EF: Algebra<F> + BasedVectorSpace<F>,

Observe base field elements as extension field elements for recursion-friendly transcripts.

impl<F, PF, P, const WIDTH: usize, const RATE: usize> GrindingChallenger for MultiField32Challenger<F, PF, P, WIDTH, RATE>

where F: PrimeField32, PF: PrimeField, P: CryptographicPermutation<[PF; WIDTH]>,

type Witness = F

The underlying field element type used as the witness.

fn grind(&mut self, bits: usize) -> Self::Witness

Perform a brute-force search to find a valid PoW witness.

fn check_witness(&mut self, bits: usize, witness: Self::Witness) -> bool

Check whether a given witness satisfies the PoW condition.