fix DomainSeparator IV derivation logic #149
Conversation
| pub fn protocol_id() -> [u8; 64] { | ||
| protocol_id(core::format_args!("schnorr proof")) | ||
| pub fn protocol_id() -> Vec<u8> { | ||
| protocol_label(core::format_args!("schnorr proof")) |
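Review bot: the return type of `pub fn protocol_id()` changes from the fixed-size `[u8; 64]` to `Vec<u8>`, so the protocol identifier is now variable-length. Whatever absorbs it into the sponge should length-prefix (or otherwise delimit) the label, since once `protocol_id`, `sponge_info` and `session` are absorbed back to back, a variable-length first field lets two different triples produce the same byte string. The helper called with `core::format_args!("schnorr proof")` is also renamed from `protocol_id` to `protocol_label`; if it only turns a literal into bytes, a plain byte-string constant removes both the rename and the `format_args!` indirection.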
This can be simplified: remove `protocol_label` and `format_args`.
| @@ -1,227 +1,186 @@ | |||
| //! Utilities for domain separation. | |||
Please don't remove the module documentation without replacing it with something meaningful
| use crate::{DuplexSpongeInterface, Encoding, ProverState, StdHash}; | ||
|
|
||
| /// Sponge / compilation info for [`domain_separator!`] when no explicit `sponge_info` is supplied. | ||
| pub const DOMAIN_SEPARATOR_MACRO_SPONGE_INFO: &[u8] = b"spongefish/domain_separator/macro/v1"; |
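Review bot: `DOMAIN_SEPARATOR_MACRO_SPONGE_INFO` is declared `pub const` and so becomes part of the crate's public API. If the only reason is that the exported `domain_separator!` macro expands to a `$crate::` path to it from downstream crates, it does need to be `pub`, but then mark it `#[doc(hidden)]` and extend the doc comment to say that the string is an input to the IV derivation, so changing `b"spongefish/domain_separator/macro/v1"` changes every IV derived through the macro. If the macro does not need it from outside the crate, `pub(crate)` is enough.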
I don't understand why this constant is exported.
| /// | ||
| /// domain_separator!("this will not compile").std_prover(); | ||
| /// ``` | ||
| /// |
Why was this example removed?
| /// This type is used to make sure that the developer does not forget to add it. | ||
| /// | ||
| /// ```compile_fail | ||
| /// # // a BAD EXAMPLE of instantiating a domain separator. |
Please remove these lines, it's understood by compile_fail
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
| f.debug_tuple("WithSession").field(&self.0).finish() | ||
| } | ||
| fn absorb_domain_field(sponge: &mut StdHash, field: &[u8]) { |
This function can be inlined
| for field in [protocol_id, sponge_info, session] { | ||
| absorb_domain_field(&mut sponge, field); | ||
| } |
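Review bot: the three fields are absorbed consecutively by `for field in [protocol_id, sponge_info, session]`, and `absorb_domain_field` accepts an arbitrary `&[u8]`. Unless its body (not visible in this hunk) writes a length prefix or a fixed-size padded block for each field, the result is ambiguous: moving bytes from the end of `protocol_id` to the start of `sponge_info` leaves the sponge state unchanged, which defeats the domain separation this PR is fixing. Unrolling the loop into three explicit calls also makes the absorbed order obvious and easy to pin down in a test.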
Please unroll this for loop; let's be clear about what happens.
| domsep | ||
| } | ||
|
|
||
| /// Domain separator for a Fiat--Shamir transformation. |
Same as for the module documentation, let's try to preserve documentation information
Please restore DomainSeparator::session; that's not part of this immediate change.
I liked the idea of declaring a session after a protocol ID, since the session can be given at runtime.
I agree that we should make it mandatory to be declared if needed, but this check can be forced when running to_prover.
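Added example, not spongefish's code and not the API this PR proposes: a standard-library-only Rust sketch of the three-field separator discussed in this thread. It makes two points concrete. First, raw concatenation of `protocol_id`, `sponge_info` and `session` is ambiguous, and a per-field length prefix removes the ambiguity. Second, a session can be attached at runtime after the protocol ID is fixed, while its absence is rejected when a prover is requested. The names `DomainSeparator::new`, `session`, `to_prover`, `encode_naive`, `encode_prefixed` and `SessionError` are assumptions made for this example, and the inputs in `main` are constructed.

```rust
// Added example (not spongefish's code). All names below are hypothetical.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DomainSeparator {
    protocol_id: Vec<u8>,
    sponge_info: Vec<u8>,
    // Set at runtime, after the protocol ID; `to_prover` insists on it.
    session: Option<Vec<u8>>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum SessionError {
    /// `to_prover` was called on a separator that never declared a session.
    MissingSession,
}

/// The ambiguous encoding: fields are glued together, so their boundaries
/// are lost. Kept only to demonstrate the collision in the tests below.
pub fn encode_naive(protocol_id: &[u8], sponge_info: &[u8], session: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(protocol_id);
    out.extend_from_slice(sponge_info);
    out.extend_from_slice(session);
    out
}

/// Length-prefix one field: 8-byte little-endian length, then the bytes.
fn absorb_field(out: &mut Vec<u8>, field: &[u8]) {
    out.extend_from_slice(&(field.len() as u64).to_le_bytes());
    out.extend_from_slice(field);
}

/// The unambiguous encoding, absorbed in a fixed, explicit order. Distinct
/// `(protocol_id, sponge_info, session)` triples always yield distinct byte
/// strings, so whatever sponge hashes this into an IV cannot confuse them.
pub fn encode_prefixed(protocol_id: &[u8], sponge_info: &[u8], session: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    absorb_field(&mut out, protocol_id);
    absorb_field(&mut out, sponge_info);
    absorb_field(&mut out, session);
    out
}

impl DomainSeparator {
    pub fn new(protocol_id: &[u8], sponge_info: &[u8]) -> Self {
        Self {
            protocol_id: protocol_id.to_vec(),
            sponge_info: sponge_info.to_vec(),
            session: None,
        }
    }

    /// Attach a session label after the protocol ID is fixed.
    pub fn session(mut self, session: &[u8]) -> Self {
        self.session = Some(session.to_vec());
        self
    }

    /// Returns the bytes the sponge would absorb to derive the IV, or an
    /// error if no session was declared. This is the check the reviewer
    /// suggests enforcing at prover-construction time rather than at the
    /// type level.
    pub fn to_prover(&self) -> Result<Vec<u8>, SessionError> {
        let session = self.session.as_deref().ok_or(SessionError::MissingSession)?;
        Ok(encode_prefixed(&self.protocol_id, &self.sponge_info, session))
    }
}

fn main() {
    // Constructed inputs: two different (protocol_id, sponge_info) pairs
    // whose raw concatenation is byte-identical.
    let naive_a = encode_naive(b"schnorr proof", b"v1", b"run-1");
    let naive_b = encode_naive(b"schnorr pro", b"ofv1", b"run-1");
    println!("naive encodings equal:    {}", naive_a == naive_b);

    let a = DomainSeparator::new(b"schnorr proof", b"v1").session(b"run-1");
    let b = DomainSeparator::new(b"schnorr pro", b"ofv1").session(b"run-1");
    println!("prefixed encodings equal: {}", a.to_prover() == b.to_prover());

    let no_session = DomainSeparator::new(b"schnorr proof", b"v1");
    println!("prover without session:   {:?}", no_session.to_prover());
}
```

The naive encodings of ("schnorr proof", "v1") and ("schnorr pro", "ofv1") are the same bytes, so any sponge fed with them derives the same IV for two different protocols; the prefixed encodings already differ in the first length word. The session check lives in `to_prover` rather than in the type, which matches the suggestion above to keep `session` as a runtime builder step while still refusing to start a prover without one.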
No description provided.